fanvil CVE Vulnerabilities & Metrics

Focus on fanvil vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About fanvil Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with fanvil. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total fanvil CVEs: 6
Earliest CVE date: 03 Dec 2025, 21:15 UTC
Latest CVE date: 05 Dec 2025, 16:15 UTC

Latest CVE reference: CVE-2025-64056

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 6

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical fanvil CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS fanvil CVEs

These are the five CVEs with the highest CVSS scores for fanvil, sorted by severity first and recency.

CVE-2025-64056 fanvil Published on 05 Dec 2025, 16:15 UTC (CVSS: 0)
File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
CVE-2025-64054 fanvil Published on 05 Dec 2025, 16:15 UTC (CVSS: 0)
A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
CVE-2025-64053 fanvil Published on 05 Dec 2025, 16:15 UTC (CVSS: 0)
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
CVE-2025-64052 fanvil Published on 05 Dec 2025, 16:15 UTC (CVSS: 0)
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.
CVE-2025-64057 fanvil Published on 05 Dec 2025, 15:15 UTC (CVSS: 0)
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.

All CVEs for fanvil

CVE-2025-64056 fanvil vulnerability CVSS: 0 05 Dec 2025, 16:15 UTC

File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.

CVE-2025-64054 fanvil vulnerability CVSS: 0 05 Dec 2025, 16:15 UTC

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

CVE-2025-64053 fanvil vulnerability CVSS: 0 05 Dec 2025, 16:15 UTC

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

CVE-2025-64052 fanvil vulnerability CVSS: 0 05 Dec 2025, 16:15 UTC

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.

CVE-2025-64057 fanvil vulnerability CVSS: 0 05 Dec 2025, 15:15 UTC

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.

CVE-2025-64055 fanvil vulnerability CVSS: 0 03 Dec 2025, 21:15 UTC

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.