Login Sign Up

CVE-2025-9382

6.4 MEDIUM

📋 TL;DR

This vulnerability in FNKvision Y215 CCTV cameras allows attackers to exploit a backdoor in the Telnet service via manipulation of the s1_rf_test_config file. Attackers could gain unauthorized access to the device, potentially compromising video feeds and device control. Only users of the specific FNKvision Y215 model with vulnerable configurations are affected.

💻 Affected Systems

Products:
  • FNKvision Y215 CCTV Camera
Versions: Unknown specific versions, but appears to affect devices with IP 10.194.120.40 configuration
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with Telnet service enabled and accessible are vulnerable. Physical access may also be a factor.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing unauthorized access to video feeds, device reconfiguration, and potential lateral movement within the network.

🟠

Likely Case

Unauthorized access to the device leading to video feed interception and potential device manipulation.

🟢

If Mitigated

Limited impact if devices are properly segmented and access controls are implemented.

🌐 Internet-Facing: HIGH - Devices exposed to the internet are directly accessible to attackers.
🏢 Internal Only: MEDIUM - Requires internal network access but could be exploited by compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploit details are publicly available but require specific conditions and manipulation of the s1_rf_test_config file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider workarounds or device replacement.

🔧 Temporary Workarounds

Disable Telnet Service

all

Disable the Telnet service on affected cameras to prevent exploitation

telnet service disable (camera-specific command)
systemctl disable telnet (if applicable)

Network Segmentation

all

Isolate CCTV cameras on separate VLAN with strict access controls

🧯 If You Can't Patch

  • Physically disconnect cameras from networks when not needed
  • Implement strict firewall rules blocking all Telnet traffic to cameras

🔍 How to Verify

Check if Vulnerable:

Check if Telnet service is running on port 23 and if s1_rf_test_config file exists in vulnerable state

Check Version:

Unknown - vendor-specific firmware check required

Verify Fix Applied:

Verify Telnet service is disabled and cannot be accessed on port 23

📡 Detection & Monitoring

Log Indicators:

  • Telnet authentication attempts
  • Unauthorized access to s1_rf_test_config file
  • Unexpected configuration changes

Network Indicators:

  • Telnet traffic to camera IPs on port 23
  • Unusual outbound connections from cameras

SIEM Query:

source_ip="camera_ip" AND dest_port=23 AND protocol="TCP"

📊 Metadata

CVE ID: CVE-2025-9382
CVSS v3 Score: 6.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-912
EPSS Score: 0.01% exploit probability (2th percentile)
Published: August 24, 2025
Last Updated: August 25, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9382, you might also want to check these:

CVE-2024-39754 10.0

A critical static login vulnerability in Wavlink AC3000 routers allows unauthenticated remote attack...

Same vulnerability type (CWE-912)
CVE-2020-12504 9.8

This CVE describes an improper authorization vulnerability in Pepperl+Fuchs Comtrol RocketLinx indus...

Same vulnerability type (CWE-912)
CVE-2024-45697 9.8

This vulnerability affects certain D-Link wireless routers where the telnet service is automatically...

Same vulnerability type (CWE-912)