Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-9381

Low

0.3/10

Summary

A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Attack Complexity: HIGH
Attack Vector: PHYSICAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.

References

Advisory Timeline

Published Aug 24, 2025

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-9381

Summary

CWE-200 - Information Exposure

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS