Code Execution Vulnerability in Yi Home Camera Firmware from Yi Technology
CVE-2018-3934

9CRITICAL

Key Information:

Vendor: Unknown
Status: Yi Technology
Vendor: CVE Published:; 2 November 2018

What is CVE-2018-3934?

A code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. This flaw can be exploited using specially crafted UDP packets, leading to a logic error that allows attackers to bypass authentication. By sniffing network traffic and sending specific packet sequences, an unauthorized actor can gain access to the affected device.

Affected Version(s)

Yi Technology Yi Technology Home Camera 27US 1.8.7.0D

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

CVSS V3.0

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2018
Vulnerability Reserved
Jan 2, 2018

CVE-2018-3934 Data

JSON

Unknown

What is CVE-2018-3934?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline