| Title | FNKvision FNK-GU2 Wireless IP Camera Firmware version 40.1.7 and prior On-Chip Debug and Test Interface With Improper Access Control (C |
|---|
| Description | The FNKvision GU2 Wireless IP Camera has an unprotected serial interface accessible on the main PCB. An attacker with physical access can connect to this interface and gain a root shell by providing the username 'root', which bypasses password authentication and provides complete administrative control over the device's operating system. |
|---|
| Source | ⚠️ https://medium.com/@pundhapat/sqli-in-the-cloud-root-on-the-board-a-beginners-journey-into-iot-hacking-06efb2539a21 |
|---|
| User | 0xHasta (UID 86257) |
|---|
| Submission | 07/02/2025 20:19 (10 months ago) |
|---|
| Moderation | 07/07/2025 15:19 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 315162 [FNKvision FNK-GU2 up to 40.1.7 UART Interface on-chip debug and test interface with improper access control] |
|---|
| Points | 18 |
|---|