CVE-2025-9381 is an information disclosure vulnerability identified in the FNKvision Y215 CCTV Camera, specifically affecting firmware version 10.194.120.40. The vulnerability involves unauthorized access to sensitive data stored in the file /tmp/wpa_supplicant.conf on the device. This file typically contains Wi-Fi configuration details, including network credentials, which if exposed, could allow attackers to compromise the network to which the camera is connected. The attack requires physical access to the device, which significantly limits remote exploitation possibilities. The complexity of the attack is rated as high, indicating that exploitation is difficult and likely requires specialized knowledge or tools. The vulnerability does not require user interaction or network access, but it does require high privileges on the device, suggesting that an attacker must already have some level of control or access to the device to manipulate the file and extract information. The vendor, FNKvision, was notified early but has not responded or issued a patch, and no official remediation is currently available. Although an exploit has been publicly released, there are no known reports of this vulnerability being exploited in the wild. The CVSS 4.0 score is low (1.0), reflecting the limited attack vector (physical access), high complexity, and low impact on confidentiality, integrity, and availability beyond the disclosed information. However, the exposure of Wi-Fi credentials can have downstream security implications if leveraged by attackers to infiltrate local networks.

For European organizations, the primary impact of this vulnerability lies in the potential compromise of internal network security through exposure of Wi-Fi credentials. Organizations using FNKvision Y215 cameras in sensitive environments risk attackers gaining unauthorized network access if physical access to the device is obtained. This could lead to lateral movement within the network, data exfiltration, or further compromise of connected systems. Although the vulnerability requires physical access, environments with less physical security or publicly accessible cameras (e.g., in retail, public transport, or critical infrastructure) are more vulnerable. The lack of vendor response and patch availability increases risk, as organizations cannot remediate through official updates. The low CVSS score may lead to underestimation of risk, but the potential for network compromise through exposed credentials is significant, especially in high-security contexts. Additionally, the public release of an exploit increases the likelihood of opportunistic attacks by insiders or intruders with physical access.

European organizations should implement strict physical security controls to prevent unauthorized access to CCTV devices, including secure mounting, tamper-evident seals, and restricted access areas. Network segmentation should be enforced so that CCTV cameras reside on isolated VLANs with limited access to critical network resources. Organizations should consider changing Wi-Fi credentials regularly and avoid embedding sensitive credentials in device configuration files when possible. Monitoring for unusual network activity originating from camera devices can help detect potential exploitation. Since no vendor patch is available, organizations could explore firmware updates from trusted third parties or consider replacing vulnerable devices with models from vendors that provide timely security support. Additionally, disabling unnecessary services on the camera and employing network-level access controls (e.g., MAC filtering, WPA3) can reduce exposure. Incident response plans should include procedures for physical device compromise scenarios.