Buffer Overflow Vulnerability in Yi Home Camera by Yi Technology
CVE-2018-3899

8.3HIGH

Key Information:

Vendor: Unknown
Status: Yi Technology
Vendor: CVE Published:; 2 November 2018

What is CVE-2018-3899?

A code execution vulnerability exists in the QR code scanning functionality of the Yi Home Camera, allowing an attacker to exploit a specially crafted QR code. This flaw can lead to a buffer overflow, enabling the overwrite of critical memory structures, including function return addresses. The vulnerable trans_info function processes QR codes in such a way that a maliciously designed QR code can trigger the overflow, potentially allowing unauthorized code execution on the device.

Affected Version(s)

Yi Technology Yi Technology Home Camera 27US 1.8.7.0D

References

https://www.talosintelligence.com/vulnerability_reports/T...

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2018
Vulnerability Reserved
Jan 2, 2018

Unknown

What is CVE-2018-3899?

Affected Version(s)

References

CVSS V3.1

Timeline