FNKvision FNK-GU2 On-Chip Debug Interface Vulnerability Allowing Unauthorized Access to Root Shell

A critical vulnerability exists in the FNKvision FNK-GU2 wireless IP camera, specifically in firmware versions prior to 40.1.7. The issue arises from an unprotected UART interface on the main printed circuit board, which allows physical access to the camera's on-chip debug and test capabilities without proper access control. This vulnerability enables an attacker to connect to the serial interface, bypass password authentication, and gain root access to the device's operating system. The flaw has been publicly disclosed and is available as a proof-of-concept exploit.

Impact

Exploitation of this vulnerability provides complete administrative control over the device, allowing unauthorized access to the root shell.

Reproduction

The vulnerability can be reproduced by physically accessing the FNK-GU2 camera and disassembling it to expose the main circuit board. Once the UART port is identified, it can be accessed using a USB-to-serial adapter. After connecting to the serial console, the camera can be powered on to receive boot logs. Pressing Enter at the login prompt and entering 'root' grants immediate access to the root shell, without any password required.