CVE-2025-7215 is a vulnerability identified in the FNKvision FNK-GU2 device firmware versions up to 40.1.7. The issue involves the cleartext storage of sensitive information within the file /rom/wpa_supplicant.conf. This file is typically associated with Wi-Fi configuration and may contain credentials or keys used for wireless network authentication. The vulnerability arises from improper handling or storage of this sensitive data, allowing an attacker with physical access to the device to extract confidential information directly from the device's storage. The attack complexity is rated as high, indicating that exploitation requires specialized skills and physical access to the device, and no remote exploitation vector is indicated. The vulnerability does not require user interaction but does require high privileges (likely administrative or root level) on the device to access the sensitive file. The CVSS 4.0 base score is 1.0, reflecting a low severity due to limited attack surface and difficulty in exploitation. There are no known exploits in the wild, and no patches or mitigation links have been provided at the time of publication. The vulnerability disclosure is public, which means that threat actors could potentially develop exploits in the future. The vulnerability primarily impacts confidentiality, as sensitive information stored in cleartext could be extracted, but it does not affect integrity or availability of the device or network services directly.

For European organizations using FNKvision FNK-GU2 devices, this vulnerability poses a confidentiality risk if attackers gain physical access to the devices. Sensitive Wi-Fi credentials or configuration data stored in cleartext could be extracted, potentially allowing unauthorized network access or lateral movement within the organization's network. While the exploitation complexity and requirement for physical access limit the likelihood of widespread attacks, environments with less physical security or devices deployed in publicly accessible or unsecured locations are at higher risk. The impact is particularly relevant for sectors with stringent data protection requirements under GDPR, as unauthorized disclosure of network credentials could lead to further breaches of personal data. However, since the vulnerability does not enable remote exploitation or direct disruption of services, the overall operational impact is limited. Organizations relying on these devices for critical infrastructure or sensitive communications should consider the risk more seriously due to the potential for targeted attacks.

To mitigate this vulnerability, European organizations should implement strict physical security controls to prevent unauthorized access to FNKvision FNK-GU2 devices. This includes securing device locations, using locked enclosures, and monitoring access logs where possible. Organizations should verify if FNKvision has released firmware updates or patches addressing this issue and apply them promptly once available. In the absence of official patches, consider disabling or restricting access to the affected configuration files or encrypting sensitive configuration data if the device supports such features. Network segmentation can limit the impact of compromised credentials by isolating critical systems. Regular audits of device configurations and credentials should be conducted to detect unauthorized changes or exposures. Additionally, organizations should consider replacing or upgrading devices that cannot be adequately secured or patched. Employee training on the importance of physical security and device handling is also recommended to reduce risk.