CVE-2025-64055
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk37th percentile - higher than 37% of all known CVEs
Summary
An issue was discovered in Fanvil x210 V2 version 2.12.20 allowing unauthenticated attackers on the local network to bypass authentication and access administrative functions such as file upload, firmware update, and device reboot.
Risk Assessment
An attacker on the local network can gain full control over the device, potentially compromising system integrity and availability, and using the device as an entry point for further network attacks.
Recommendation
Immediately update the Fanvil x210 V2 firmware to the latest available version and restrict administrative interface access to trusted networks only using firewall rules.
Original NVD description (English source)
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

