
CVE-2025-9382: Backdoor in FNKvision Y215 CCTV Camera

Severity: Medium
Type: Vulnerability
Published: Sun Aug 24 2025 (08/24/2025, 08:02:06 UTC)
Source: CVE Database V5
Vendor/Project: FNKvision
Product: Y215 CCTV Camera

Description

A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Service. Manipulation can lead to a backdoor. The physical device can be targeted for the attack. The attack is characterized by high complexity, and exploitation is stated to be difficult. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/01/2025, 01:08:37 UTC

Technical Analysis

CVE-2025-9382 is a medium-severity vulnerability identified in the FNKvision Y215 CCTV Camera, specifically affecting firmware version 10.194.120.40. The vulnerability resides in an unknown portion of the file s1_rf_test_config within the Telnet Service component of the device. Exploitation of this weakness can lead to the establishment of a backdoor on the physical device, potentially allowing unauthorized remote access or control.

The CVSS 4.0 vector indicates that the attack requires physical access (AV:P), has high complexity (AC:H), needs no privileges or user interaction (PR:N, UI:N), and results in high impact on confidentiality, integrity, and availability (C:H, I:H, A:H). High complexity means that exploitation requires significant skill or specific conditions. Given the physical access requirement, attackers would need to be on-site or have physical access to the device or network segment to exploit this vulnerability.

The vendor FNKvision has not responded to disclosure attempts, and no patches or mitigations have been released. Although the exploit code is publicly available, there are no known active exploits in the wild at this time.

The vulnerability is significant because CCTV cameras are often deployed in critical infrastructure and sensitive environments, and a backdoor could be used for espionage, sabotage, or lateral movement within a network. The Telnet service, often considered insecure, is a common attack surface, and the presence of a backdoor could allow attackers to bypass normal authentication and controls.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to physical security and network integrity. CCTV cameras are widely used across sectors such as government, transportation, energy, and corporate facilities. A backdoor could allow attackers to manipulate video feeds, disable surveillance, or use the compromised device as a foothold for further network intrusion. This could lead to breaches of confidentiality (e.g., surveillance footage leaks), integrity (e.g., tampering with recorded evidence), and availability (e.g., disabling security monitoring). The high impact on all three security dimensions means that critical infrastructure and sensitive sites could be severely affected.

The physical access requirement limits remote exploitation but does not eliminate risk, especially in environments where devices are accessible to contractors, visitors, or insiders. The lack of vendor response and patches increases the window of exposure, making it imperative for organizations to apply compensating controls. The public availability of exploit code raises the risk of opportunistic attacks, including by less skilled adversaries who can leverage the exploit without deep technical knowledge.

Mitigation Recommendations

1. Physically secure all FNKvision Y215 CCTV cameras to prevent unauthorized access to the devices.
2. Disable the Telnet service on the affected devices if possible, or restrict access to it via network segmentation and firewall rules.
3. Monitor network traffic for unusual connections or commands targeting the Telnet service on these cameras.
4. Implement strict access controls and logging for any maintenance or configuration activities involving these cameras.
5. Consider replacing affected devices with models from vendors that provide timely security updates and have a better security track record.
6. If replacement is not immediately feasible, deploy network-level intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability.
7. Conduct regular security audits and physical inspections of CCTV infrastructure to detect tampering or unauthorized modifications.
8. Engage with FNKvision or third-party security researchers to seek or develop patches or firmware updates addressing this vulnerability.
9. Educate staff about the risks of physical access to security devices and enforce strict visitor and contractor policies.
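
Recommendations 2 and 3 can be checked against flow logs. The following is an added example, not part of the original advisory or of any vendor tooling: it flags Telnet (TCP/23) flows to inventoried cameras and separates management-subnet traffic from unapproved sources. The camera addresses, the management subnet, and the flow-log line format are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (constructed for this example): the camera inventory, the single
# management subnet allowed to reach Telnet, and the flow-log line format.
CAMERAS = {"10.20.30.11", "10.20.30.12"}
MGMT_NET = ipaddress.ip_network("10.20.99.0/28")
TELNET_PORT = 23

# Constructed sample: ts src sport dst dport proto state bytes
SAMPLE_FLOWS = """\
2025-09-02T08:14:03Z 10.20.99.5 51544 10.20.30.11 23 tcp ESTABLISHED 412
2025-09-02T08:15:40Z 10.20.40.77 40122 10.20.30.12 23 tcp ESTABLISHED 1893
2025-09-02T08:15:41Z 10.20.40.77 40123 10.20.30.12 554 tcp ESTABLISHED 88211
2025-09-02T08:16:02Z 10.20.40.80 50001 10.20.30.11 23 tcp SYN_ONLY 0
garbage line that should be skipped
2025-09-02T08:17:10Z 10.20.40.77 40130 10.20.30.50 23 tcp ESTABLISHED 77
"""

def parse_flow(line):
    """Return a dict for a well-formed flow line, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 8:
        return None
    ts, src, _sport, dst, dport, proto, state, nbytes = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "dst": dst,
                "dport": int(dport), "proto": proto, "state": state,
                "bytes": int(nbytes)}
    except ValueError:
        return None

def telnet_findings(text):
    """Group Telnet flows towards inventoried cameras by origin and phase."""
    findings = defaultdict(list)
    for line in text.splitlines():
        f = parse_flow(line)
        if (not f or f["proto"] != "tcp" or f["dport"] != TELNET_PORT
                or f["dst"] not in CAMERAS):
            continue
        # Any established session shows Telnet is still enabled on the camera.
        origin = "mgmt" if f["src"] in MGMT_NET else "unapproved"
        phase = "session" if f["state"] == "ESTABLISHED" else "probe"
        findings[f"{origin}_{phase}"].append((f["ts"], str(f["src"]), f["dst"]))
    return dict(findings)

if __name__ == "__main__":
    for kind, rows in telnet_findings(SAMPLE_FLOWS).items():
        for row in rows:
            print(kind, *row)
```

An `unapproved_session` entry means segmentation is not holding for that camera; a `mgmt_session` entry is expected only while Telnet remains enabled for maintenance.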


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-23T15:00:11.035Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68aacaa7ad5a09ad002e8f98

Added to database: 8/24/2025, 8:17:43 AM

Last enriched: 9/1/2025, 1:08:37 AM

Last updated: 10/9/2025, 1:48:22 PM
