CVE-2025-9381 is an information disclosure vulnerability identified in the FNKvision Y215 CCTV Camera running firmware version 10.194.120.40. The vulnerability involves unauthorized access to sensitive information stored in the file /tmp/wpa_supplicant.conf, which typically contains Wi-Fi configuration details including network SSIDs and potentially passwords. The flaw can be exploited by physically manipulating the device, indicating that an attacker must have direct access to the camera hardware to carry out the attack. The complexity of exploitation is rated as high, meaning that the attack requires specialized knowledge or conditions to succeed. The vulnerability does not require user interaction or network access, but does require high privileges on the device, which implies that the attacker must bypass or already have elevated permissions. The vendor, FNKvision, was notified early but has not responded or issued a patch, and no official remediation is currently available. The CVSS v4.0 base score is 1.0, reflecting a low severity primarily due to the physical access requirement and high attack complexity. However, the public release of an exploit increases the risk of targeted attacks. The vulnerability affects only the specified firmware version, and no other versions or products have been reported as impacted. The exposure of Wi-Fi credentials could facilitate further network intrusion or lateral movement if attackers gain physical access to the device, potentially compromising the broader network environment where the camera is deployed.

For European organizations deploying FNKvision Y215 CCTV cameras, this vulnerability poses a limited but tangible risk. The requirement for physical access reduces the likelihood of remote exploitation, but insider threats or attackers with physical proximity could leverage this flaw to extract Wi-Fi credentials. This could lead to unauthorized network access, enabling further attacks such as data interception, lateral movement, or disruption of security monitoring systems. Organizations relying on these cameras for critical surveillance, especially in sensitive environments like government buildings, transportation hubs, or critical infrastructure, could face confidentiality breaches or operational disruptions. The lack of vendor response and patch availability prolongs exposure, increasing the window for potential exploitation. Additionally, the presence of publicly available exploits raises the risk of opportunistic attacks. Overall, while the direct impact on availability and integrity is minimal, the confidentiality compromise of network credentials can have cascading effects on organizational security posture.

Given the absence of an official patch, European organizations should implement compensating controls to mitigate this vulnerability. First, restrict physical access to FNKvision Y215 cameras by securing installation sites with controlled entry and surveillance to prevent unauthorized manipulation. Second, segment the network where these cameras operate, isolating them from critical systems and sensitive data to limit lateral movement if credentials are compromised. Third, regularly monitor network traffic for unusual access patterns or unauthorized devices connecting to Wi-Fi networks associated with the cameras. Fourth, consider changing Wi-Fi credentials frequently and using strong, unique passwords to reduce the value of any leaked credentials. Fifth, evaluate the feasibility of replacing or upgrading affected cameras to models with better security support. Finally, maintain an inventory of all deployed FNKvision Y215 devices and track firmware versions to identify and prioritize vulnerable units for enhanced monitoring or physical security measures.