
CVE-2025-9380: Hard-coded Credentials in FNKvision Y215 CCTV Camera

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-9380
Published: Sun Aug 24 2025 (08/24/2025, 07:02:07 UTC)
Source: CVE Database V5
Vendor/Project: FNKvision
Product: Y215 CCTV Camera

Description

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/24/2025, 07:32:47 UTC

Technical Analysis

CVE-2025-9380 is a high-severity vulnerability affecting the FNKvision Y215 CCTV Camera firmware version 10.194.120.40. The issue stems from hard-coded credentials embedded within the device's firmware, specifically related to the /etc/passwd file or its handling. This vulnerability requires local access to the device to exploit, meaning an attacker must have some form of direct or network-level access that allows interaction with the device's filesystem or operating system environment. The presence of hard-coded credentials can allow an attacker with local access to bypass authentication mechanisms, potentially gaining elevated privileges or unauthorized control over the device. The CVSS 4.0 score of 8.5 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. The vulnerability does not require authentication to exploit once local access is obtained, and the scope is limited to the affected firmware version. The vendor has not responded to disclosure attempts, and no patches are currently available. Although no known exploits are reported in the wild, a public exploit exists, increasing the risk of exploitation. This vulnerability is critical in environments where physical or network access to the CCTV camera is possible, as it could lead to unauthorized surveillance, manipulation of video feeds, or use of the device as a pivot point for further network intrusion.

Potential Impact

For European organizations, this vulnerability poses significant risks, especially for sectors relying heavily on CCTV for security such as critical infrastructure, transportation, government facilities, and corporate offices. Exploitation could lead to unauthorized access to surveillance footage, compromising privacy and security. Attackers could manipulate or disable cameras, undermining physical security controls. Additionally, compromised cameras could serve as entry points for lateral movement within enterprise networks, potentially exposing sensitive data or disrupting operations. The lack of vendor response and patches increases the window of exposure. Organizations with FNKvision Y215 cameras deployed in sensitive or high-risk locations face elevated threats of espionage, sabotage, or data breaches. Given the local access requirement, attackers might exploit weak network segmentation or physical access vulnerabilities to reach the device. The high confidentiality, integrity, and availability impact means that exploitation could severely damage organizational security posture and trust.

Mitigation Recommendations

1. Immediate network segmentation: Isolate FNKvision Y215 cameras on dedicated VLANs with strict access controls to limit local access opportunities.
2. Implement strong physical security controls to prevent unauthorized physical access to devices.
3. Monitor network traffic for unusual activity originating from or targeting these cameras, including attempts to access device management interfaces.
4. Disable or restrict unused services and interfaces on the cameras to reduce attack surface.
5. Employ network-level authentication and encryption where possible to protect device communications.
6. Maintain an inventory of all FNKvision Y215 devices and track firmware versions to identify affected units.
7. Engage with FNKvision or authorized resellers to seek firmware updates or patches; if unavailable, consider replacing affected devices with more secure alternatives.
8. Use intrusion detection systems (IDS) and endpoint detection and response (EDR) tools to detect exploitation attempts.
9. Regularly audit device configurations and logs for signs of compromise.
10. Educate security and IT staff about this vulnerability to ensure rapid response if exploitation is suspected.
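
For the configuration audit in item 9, the check below flags accounts in a firmware image's `/etc/passwd` whose credentials ship inside the image itself. It is an added example, not part of the original advisory or any FNKvision tooling; it assumes the firmware has already been unpacked, and the function names and sample lines are constructed for illustration.

```python
# Shells that block interactive login. An empty shell field is NOT listed:
# login falls back to /bin/sh when the field is empty.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample, not taken from the FNKvision firmware; the hash is a placeholder.
SAMPLE_PASSWD = """\
root:$1$SALTSALT$PLACEHOLDERHASHVALUE00:0:0:root:/root:/bin/sh
admin::0:0:admin:/:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
ftp:x:14:50:FTP:/var/ftp:/bin/sh
nobody:!:99:99:nobody:/:/sbin/nologin
"""


def classify_password_field(field):
    """Map the second passwd field to a finding category."""
    if field == "":
        return "empty-password"   # login succeeds with no password
    if field == "x":
        return "shadowed"         # hash lives in /etc/shadow; audit that file too
    if field.startswith(("*", "!")):
        return "locked"           # password login disabled
    return "embedded-hash"        # same hash shipped in every unit of this build


def audit_passwd(text):
    """Return (user, uid, category, shell) for each account needing review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdigit():
            findings.append((f"<line {lineno}>", None, "malformed", ""))
            continue
        user, pw, uid, _gid, _gecos, _home, shell = parts
        category = classify_password_field(pw)
        # Only login-capable accounts with a credential baked into the image matter here.
        if category in ("empty-password", "embedded-hash") and shell not in NOLOGIN_SHELLS:
            findings.append((user, int(uid), category, shell))
    return findings


if __name__ == "__main__":
    for user, uid, category, shell in audit_passwd(SAMPLE_PASSWD):
        print(f"{user:8} uid={uid:<5} {category:15} {shell}")
```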


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-23T15:00:05.300Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68aabc97ad5a09ad002e532d

Added to database: 8/24/2025, 7:17:43 AM

Last enriched: 8/24/2025, 7:32:47 AM

Last updated: 8/24/2025, 12:00:17 PM
