Overview
A critical file upload vulnerability, identified as CVE-2025-64056, has been discovered in Fanvil x210 V2 devices, specifically version 2.12.20. This vulnerability allows unauthenticated attackers on the local network to store arbitrary files on the device’s filesystem. This could lead to various malicious activities, including code execution, data exfiltration, or denial of service.
This blog post provides a detailed analysis of the vulnerability, including technical details, potential impact, and recommended mitigation strategies.
Technical Details
The vulnerability exists due to insufficient input validation during the file upload process. The Fanvil x210 V2 firmware also lacks proper authentication and authorization mechanisms for certain file upload endpoints, which allows an attacker on the same local network to bypass security checks and upload malicious files. The specific file upload location and exploit details are documented in the SpikeReply advisory listed under References. Exploitation typically involves crafting a malicious HTTP request to the vulnerable endpoint.
CVSS Analysis
At the time of this writing (2025-12-06), the CVSS score for CVE-2025-64056 is not yet available. However, considering the unauthenticated nature of the attack and the potential for arbitrary file storage, it is likely to receive a high CVSS score, potentially in the Critical range, pending official assessment. We will update this section as soon as the CVSS score is released.
Possible Impact
The impact of CVE-2025-64056 could be severe. Successful exploitation of this vulnerability could allow an attacker to:
- Execute Arbitrary Code: Uploading executable files or scripts could allow the attacker to gain remote control of the device.
- Data Exfiltration: Sensitive data stored on the device, such as configuration files or call logs, could be stolen.
- Denial of Service (DoS): Malicious files could be uploaded to consume excessive storage space or crash the device.
- Compromise the Network: The compromised device could be used as a pivot point to attack other devices on the local network.
Mitigation and Patch Steps
No patch or official mitigation is currently available from Fanvil. However, the following steps can be taken to reduce the risk of exploitation:
- Network Segmentation: Isolate the Fanvil x210 V2 devices on a separate network segment with restricted access.
- Firewall Rules: Implement firewall rules to restrict access to the device’s web interface from untrusted networks.
- Monitor Network Traffic: Monitor network traffic for suspicious activity, such as unauthorized file uploads.
- Disable Unnecessary Services: Disable any unnecessary services or features on the device.
- Stay Updated: Regularly check the Fanvil website (http://fanvil.com) for security advisories and firmware updates.
Once a patch is released by Fanvil, it is strongly recommended to apply it immediately.
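The traffic-monitoring step above can be turned into a concrete check. The following is an added example, not code from this post or from the SpikeReply advisory: it flags upload-style HTTP requests sent to phones from hosts outside the management subnet. The log layout, phone inventory, admin subnet, size threshold and the `/example-path` placeholder are all assumptions to replace with your own sensor or proxy data.

```python
import ipaddress

# Assumptions (not from the advisory): phone inventory, admin subnet, threshold.
PHONES = {ipaddress.ip_address("10.20.0.15"), ipaddress.ip_address("10.20.0.16")}
ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/28")]
UPLOAD_METHODS = {"POST", "PUT"}
BODY_THRESHOLD = 4096  # bytes; a body larger than a small form post is worth a look

# Constructed sample lines: time src dst method path content-type body-bytes
SAMPLE_LOG = """\
2025-12-06T09:14:02Z 10.10.0.5 10.20.0.15 POST /example-path multipart/form-data 18233
2025-12-06T09:15:40Z 10.20.0.77 10.20.0.15 GET /example-path - 0
2025-12-06T09:16:11Z 10.20.0.77 10.20.0.15 POST /example-path multipart/form-data 52110
2025-12-06T09:17:29Z 10.20.0.77 10.30.0.9 POST /example-path multipart/form-data 900
2025-12-06T09:18:03Z 10.20.0.88 10.20.0.16 PUT /example-path application/octet-stream 7000
malformed line
2025-12-06T09:19:00Z 10.20.0.88 10.20.0.16 POST /example-path application/x-www-form-urlencoded 64
"""

def parse(line):
    """Return one event dict, or None if the line does not match the layout."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, dst, method, path, ctype, size = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "method": method.upper(),
                "path": path, "ctype": ctype.lower(), "bytes": int(size)}
    except ValueError:  # bad IP address or non-numeric size
        return None

def is_suspicious(ev):
    """Upload-like request to a phone from a host that is not an admin host."""
    if ev["dst"] not in PHONES or ev["method"] not in UPLOAD_METHODS:
        return False
    if any(ev["src"] in net for net in ADMIN_NETS):
        return False
    return ev["ctype"].startswith("multipart/form-data") or ev["bytes"] > BODY_THRESHOLD

def find_alerts(text):
    events = (parse(line) for line in text.splitlines())
    return [e for e in events if e and is_suspicious(e)]

if __name__ == "__main__":
    for e in find_alerts(SAMPLE_LOG):
        print(f'{e["ts"]} upload-like {e["method"]} from {e["src"]} '
              f'to phone {e["dst"]} ({e["bytes"]} bytes)')
```

The check deliberately ignores the request path, since the affected endpoint is documented only in the referenced advisory; once you know it, matching on that path will cut false positives.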
References
- Fanvil Website: http://fanvil.com
- SpikeReply Advisory: https://github.com/SpikeReply/advisories/blob/main/cve/fanvil/cve-2025-64056.md
