{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9381", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-23T15:00:08.288Z", "datePublished": "2025-08-24T07:32:06.722Z", "dateUpdated": "2025-08-25T20:23:54.454Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-24T07:32:06.722Z"}, "title": "FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "FNKvision", "product": "Y215 CCTV Camera", "versions": [{"version": "10.194.120.40", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In FNKvision Y215 CCTV Camera 10.194.120.40 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /tmp/wpa_supplicant.conf. Die Ver\u00e4nderung resultiert in information disclosure. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1, "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 1.6, "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 1.6, "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 0.8, "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-23T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-23T17:05:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Hypernyan (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.321214", "name": "VDB-321214 | FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.321214", "name": "VDB-321214 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.629811", "name": "Submit #629811 | FNKvision Y215 CCTV Camera 10.194.120.40 Plaintext Password in Configuration File", "tags": ["third-party-advisory"]}, {"url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215", "tags": ["related"]}, {"url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-25T20:23:45.525160Z", "id": "CVE-2025-9381", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T20:23:54.454Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9381", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-23T15:00:08.288Z", "datePublished": "2025-08-24T07:32:06.722Z", "dateUpdated": "2025-08-25T20:23:54.454Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-24T07:32:06.722Z"}, "title": "FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "FNKvision", "product": "Y215 CCTV Camera", "versions": [{"version": "10.194.120.40", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In FNKvision Y215 CCTV Camera 10.194.120.40 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /tmp/wpa_supplicant.conf. Die Ver\u00e4nderung resultiert in information disclosure. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1, "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 1.6, "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 1.6, "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 0.8, "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-23T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-23T17:05:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Hypernyan (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.321214", "name": "VDB-321214 | FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.321214", "name": "VDB-321214 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.629811", "name": "Submit #629811 | FNKvision Y215 CCTV Camera 10.194.120.40 Plaintext Password in Configuration File", "tags": ["third-party-advisory"]}, {"url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215", "tags": ["related"]}, {"url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext", "tags": ["exploit"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9381", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-25T20:23:45.525160Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T20:23:50.027Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha descubierto una falla de seguridad en la c\u00e1mara CCTV FNKvision Y215 10.194.120.40. Esta afecta a una parte desconocida del archivo /tmp/wpa_supplicant.conf. La manipulaci\u00f3n da como resultado la divulgaci\u00f3n de informaci\u00f3n. El ataque podr\u00eda ejecutarse en el dispositivo f\u00edsico. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. El exploit se ha publicado y podr\u00eda ser explotado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-9381", "lastModified": "2025-08-25T20:24:45.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 0.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 1.2, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 1.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-24T08:15:27.250", "references": [{"source": "cna@vuldb.com", "url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215"}, {"source": "cna@vuldb.com", "url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.321214"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.321214"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.629811"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}