FNKvision Y215 CCTV Camera Telnet Backdoor Vulnerability

A backdoor vulnerability has been identified in the FNKvision Y215 CCTV Camera running version 10.194.120.40. This vulnerability is triggered by the presence of a specific file on an inserted SD card, which activates the Telnet service. The camera contains hardcoded root credentials that can be exploited to gain administrative access. This issue raises significant security concerns, as it allows unauthorized users to enable remote management capabilities on the device without detection.

Impact

Exploitation of this vulnerability opens a Telnet backdoor on the affected camera, allowing unauthorized users to gain root access. This could lead to further exploitation of the device or its network.

Reproduction

To reproduce this vulnerability, insert an SD card containing a file named 's1_rf_test_config' into the FNKvision Y215 CCTV camera. After rebooting the camera with the SD card inserted, the Telnet service will be activated. The hardcoded root credentials can then be used to log in via Telnet and gain root access to the device.