
CVE-2025-9380: Hard-coded Credentials in FNKvision Y215 CCTV Camera

Severity: High
Type: Vulnerability
Published: Sun Aug 24 2025 (08/24/2025, 07:02:07 UTC)
Source: CVE Database V5
Vendor/Project: FNKvision
Product: Y215 CCTV Camera

Description

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/01/2025, 01:02:01 UTC

Technical Analysis

CVE-2025-9380 is a high-severity vulnerability affecting the FNKvision Y215 CCTV Camera, specifically version 10.194.120.40 of its firmware. The vulnerability arises from the presence of hard-coded credentials embedded within the device's firmware, linked to manipulation of the /etc/passwd file or related functionality. This flaw allows an attacker with local access—meaning physical or network-level access to the device—to exploit these credentials to gain unauthorized access. The vulnerability does not require user interaction or elevated privileges beyond local access, and the attack complexity is low. The CVSS 4.0 score of 8.5 reflects the significant impact on confidentiality, integrity, and availability, as exploitation could allow an attacker to fully compromise the device. The vendor has been contacted but has not responded or provided a patch, and while no known exploits are currently observed in the wild, a public exploit is available, increasing the risk of exploitation. The vulnerability is particularly concerning because CCTV cameras are often deployed in sensitive environments and may be connected to broader organizational networks, potentially serving as a foothold for lateral movement or surveillance evasion. The lack of vendor response and patch availability further exacerbates the risk, leaving affected devices exposed.
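As an added example (not part of the advisory or any vendor tooling), the following check audits the passwd file from an unpacked firmware root filesystem for accounts whose credentials are baked into the image. The function name `audit_passwd` and the sample entries are constructed for illustration and are not taken from the FNKvision firmware.

```python
"""Audit a firmware image's passwd file for credentials shipped in the image."""

# Password-field values that mean no usable password is stored in this file.
LOCKED_OR_SHADOWED = {"x", "*", "!", "!!"}
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample entries, NOT taken from the FNKvision firmware.
SAMPLE_PASSWD = """\
root:$1$CONSTRUCT$0123456789abcdefghijkl:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
admin::0:0:admin:/:/bin/sh
ftp:x:14:50:ftp:/var/ftp:/sbin/nologin
# comment line
broken-line-without-fields
"""


def audit_passwd(text):
    """Return one finding per entry that carries a credential or is malformed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:  # name:passwd:uid:gid:gecos:home:shell
            findings.append({"line": lineno, "user": None, "uid0": False,
                             "interactive": False, "issue": "malformed entry"})
            continue
        user, pw, uid, _gid, _gecos, _home, shell = fields
        if pw in LOCKED_OR_SHADOWED:
            continue  # locked, or hash kept in the shadow file
        issue = "empty password" if pw == "" else "password hash embedded in image"
        findings.append({"line": lineno, "user": user, "uid0": uid == "0",
                         "interactive": shell not in NOLOGIN_SHELLS,
                         "issue": issue})
    return findings


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        flags = [k for k in ("uid0", "interactive") if f[k]]
        print(f"line {f['line']}: {f['user']}: {f['issue']} {flags}")
```

An `x` in the password field means the hash is stored in the shadow file, which needs the same review when it is present in the image.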

Potential Impact

For European organizations, the impact of this vulnerability can be substantial. CCTV cameras are widely used across critical infrastructure, government facilities, corporate offices, and public spaces for security monitoring. Exploitation could lead to unauthorized surveillance, data leakage, or disruption of security monitoring capabilities. Attackers gaining control over these cameras could manipulate video feeds, disable cameras, or use the compromised devices as entry points into internal networks, potentially leading to broader network compromise. This risk is heightened in sectors such as transportation, energy, and public administration, where CCTV systems are integral to operational security. Additionally, the presence of hard-coded credentials undermines compliance with data protection regulations like GDPR, as unauthorized access to surveillance data could result in privacy violations and legal consequences. The lack of vendor support means organizations must rely on internal mitigations or device replacement, increasing operational costs and complexity.

Mitigation Recommendations

Given the absence of vendor patches, European organizations should implement several targeted mitigations:

1) Isolate affected CCTV cameras on segmented networks with strict access controls to limit local access only to authorized personnel and systems.
2) Employ network monitoring and anomaly detection specifically tuned to identify unusual access patterns or credential misuse on these devices.
3) Where possible, replace affected FNKvision Y215 cameras with models from vendors with active security support and patch management.
4) Disable any unnecessary services or interfaces on the cameras to reduce attack surface.
5) Use strong physical security controls to prevent unauthorized local access to the devices.
6) Implement compensating controls such as VPNs or jump hosts for remote access to ensure that local access is not trivially obtained.
7) Maintain an inventory of all deployed FNKvision Y215 cameras and monitor for firmware updates or vendor communications.
8) Consider deploying endpoint detection and response (EDR) solutions on connected networks to detect lateral movement attempts originating from compromised cameras.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-23T15:00:05.300Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68aabc97ad5a09ad002e532d

Added to database: 8/24/2025, 7:17:43 AM

Last enriched: 9/1/2025, 1:02:01 AM

Last updated: 10/7/2025, 5:00:37 AM
