Code Execution Vulnerability in Yi Home Camera by Yi Technology
CVE-2018-3935

7.5HIGH

Key Information:

Vendor: Unknown
Status: Yi Technology
Vendor: CVE Published:; 2 November 2018

What is CVE-2018-3935?

An exploitable vulnerability exists in the UDP network functionality of the Yi Home Camera, specifically in version 27US 1.8.7.0D. By sending a specially crafted set of UDP packets, an attacker can trigger unlimited memory allocation, leading to a denial of service condition. This vulnerability allows attackers to disrupt normal operations by overwhelming the device with crafted packet sequences.

Affected Version(s)

Yi Technology Yi Technology Home Camera 27US 1.8.7.0D

References

https://www.talosintelligence.com/vulnerability_reports/T...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2018
Vulnerability Reserved
Jan 2, 2018

CVE-2018-3935 Data

JSON

Unknown

What is CVE-2018-3935?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline