Remote Code Execution Vulnerability in Kami Vision YI IoT Application for Android
CVE-2023-47882

7.1HIGH

Key Information:

Vendor: Kami Vision
Vendor: CVE Published:; 27 December 2023

🔔 Create Kami Vision Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-47882?

The Kami Vision YI IoT application for Android, specifically version 4.1.9_20231127, is susceptible to a remote code execution vulnerability. This issue arises from an implicit intent to the WebViewActivity component, which permits an attacker to execute arbitrary JavaScript code. If exploited, this vulnerability could compromise the security of the device and potentially expose sensitive information.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

yi
Created by actuator

References

https://play.google.com/store/apps/details?id=com.yunyi.s...

https://github.com/actuator/yi/blob/main/CWE-319.md

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2023
Vulnerability Reserved
Nov 13, 2023
🟡
Public PoC available
Nov 5, 2023
👾
Exploit known to exist
Nov 5, 2023

CVE-2023-47882 Data

JSON