FNKvision Y215 CCTV Camera Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in the FNKvision Y215 CCTV camera running version 10.194.120.40, where the Wi-Fi SSID and password are stored in plaintext in multiple locations, including /tmp/wpa_supplicant.conf and system/param/network.ini. This information can be accessed through a firmware dump or via serial/UART access, exposing sensitive network credentials. The vulnerability has been classified as problematic, with a CVSSv3 score of 1.5.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive Wi-Fi credentials, which could be used to intercept or manipulate network traffic.

Reproduction

The vulnerability can be reproduced by dumping the camera's firmware with a CH341A programmer; the dump can then be analyzed with Ghidra. The Wi-Fi credentials can be extracted from the firmware dump using a grep search. Alternatively, the credentials can be read directly from the camera's filesystem via the serial console.
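A firmware QA check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it parses a wpa_supplicant.conf and flags every network block whose psk= value is a quoted plaintext passphrase, then computes the 64-hex derived key that wpa_supplicant also accepts in that field. The sample configuration is constructed, and the script assumes the standard wpa_supplicant.conf syntax; the format of network.ini is not given on the page, so it is not covered.

```python
import hashlib
import re

# Constructed sample config; SSIDs and secrets are made up for this example.
SAMPLE_CONF = '''ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="ExampleNet"
    psk="correct horse battery"
    key_mgmt=WPA-PSK
}
network={
    ssid="HashedNet"
    psk=''' + "ab" * 32 + '''
}
'''

# Simplification: assumes no "}" inside quoted values.
NETWORK_RE = re.compile(r"network=\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(\w+)=(.*?)\s*$", re.M)


def derive_psk(ssid, passphrase):
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


def audit(conf_text):
    """Report, per network block, whether psk= holds a quoted plaintext passphrase."""
    findings = []
    for body in NETWORK_RE.findall(conf_text):
        fields = dict(FIELD_RE.findall(body))
        ssid = fields.get("ssid", "").strip('"')
        psk = fields.get("psk")
        if psk is None:
            continue
        plaintext = len(psk) >= 2 and psk[0] == psk[-1] == '"'
        # The 64-hex form still lets a holder join this SSID, but it no longer
        # discloses the human-chosen passphrase itself.
        hashed = "psk=" + derive_psk(ssid, psk[1:-1]) if plaintext else None
        findings.append({"ssid": ssid, "plaintext": plaintext, "hashed_line": hashed})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print(f["ssid"], "PLAINTEXT passphrase" if f["plaintext"] else "derived key")
```

Storing the derived key limits what a dump discloses to a key for that one SSID; protecting the file itself (encrypted storage, locked-down UART) is a separate control.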

Added: Aug 24, 2025, 8:18 AM
Updated: Aug 24, 2025, 8:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.