FNKvision Y215 CCTV Camera Weak Cryptography Vulnerability

Vulnerability

The firmware of the FNKvision Y215 CCTV camera running version 10.194.120.40 stores passwords in the /etc/passwd file as DES-based crypt() hashes. Hashes produced by this weak method can be easily cracked, posing a security risk.

Impact

Exploitation of this vulnerability allows for unauthorized access to the camera with root privileges, as the weakly hashed password can be quickly cracked and used to gain access.

Reproduction

The vulnerability can be reproduced by accessing the camera's firmware, which contains hardcoded root credentials. These credentials can be extracted and verified through the camera's UART connection. Once the credentials are obtained, they can be used to log into the camera as root.
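
A check that can be run over the /etc/passwd of an unpacked firmware image to flag the condition described above. This is an added example, not code from the advisory or the vendor. It goes beyond DES-based crypt() to also flag empty and md5crypt password fields, and the sample entries and hash strings are constructed placeholders.

```python
import re

# Traditional DES crypt(): 2-char salt + 11-char digest, alphabet ./0-9A-Za-z
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Modular-crypt prefixes and the scheme each one identifies
PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
            "$5$": "sha256crypt", "$6$": "sha512crypt", "$y$": "yescrypt"}

WEAK = {"des-crypt", "md5crypt", "empty-password"}

def classify(field):
    """Name the scheme used by the password field of a passwd/shadow entry."""
    if field == "":
        return "empty-password"
    if field == "x":
        return "shadowed"          # real hash lives in /etc/shadow
    if field[0] in "!*":
        return "locked"
    for prefix, scheme in PREFIXES.items():
        if field.startswith(prefix):
            return scheme
    if DES_CRYPT.fullmatch(field):
        return "des-crypt"
    return "unknown"

def audit_passwd(text):
    """Return (user, scheme, is_uid0) for every entry with a weak scheme."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 7 or parts[0].startswith("#"):
            continue
        scheme = classify(parts[1])
        if scheme in WEAK:
            findings.append((parts[0], scheme, parts[2] == "0"))
    return findings

# Constructed sample; the hash strings are placeholders, not real hashes
SAMPLE = """\
root:ab0123456789A:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
admin:$6$constructedsalt$constructedhash:1000:1000::/home/admin:/bin/sh
guest::1001:1001::/tmp:/bin/sh
"""

if __name__ == "__main__":
    for user, scheme, is_root in audit_passwd(SAMPLE):
        print(f"{user}: {scheme}{' (uid 0)' if is_root else ''}")
```

A uid 0 entry reported as des-crypt matches the finding in this advisory; entries reported as shadowed need the same check run against /etc/shadow.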

Added: Aug 24, 2025, 10:18 AM
Updated: Aug 24, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.