CVE-2025-9380 HIGH

CVE-2025-9380: FNKvision Y215 CCTV Camera Firmware passwd hard-coded credentials

Vendor Fnkvision
Product Y215 CCTV Camera
Weakness CWE-798 · Hardcoded credentials
Published August 24, 2025
Last update August 25, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 24, 2025 CVE published
August 25, 2025 Record updated

Related vulnerabilities

04Related CVE