{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9381", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-23T15:00:08.288Z", "datePublished": "2025-08-24T07:32:06.722Z", "dateUpdated": "2025-08-24T07:32:06.722Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-24T07:32:06.722Z"}, "title": "FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "FNKvision", "product": "Y215 CCTV Camera", "versions": [{"version": "10.194.120.40", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In FNKvision Y215 CCTV Camera 10.194.120.40 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /tmp/wpa_supplicant.conf. Die Ver\u00e4nderung resultiert in information disclosure. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1, "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 1.6, "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 1.6, "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 0.8, "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-23T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-23T17:05:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Hypernyan (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.321214", "name": "VDB-321214 | FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.321214", "name": "VDB-321214 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.629811", "name": "Submit #629811 | FNKvision Y215 CCTV Camera 10.194.120.40 Plaintext Password in Configuration File", "tags": ["third-party-advisory"]}, {"url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215", "tags": ["related"]}, {"url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-9381", "lastModified": "2025-08-24T08:15:27.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 0.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 1.2, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 1.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.2, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-24T08:15:27.250", "references": [{"source": "[email protected]", "url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215"}, {"source": "[email protected]", "url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.321214"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.321214"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.629811"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Primary"}]}

{}