Remote Code Execution Vulnerability in YI Smart Kami Vision Application for Android
CVE-2024-23727

8.4HIGH

Key Information:

Vendor: YI Technology
Status: YI Smart Kami Vision Application
Vendor: CVE Published:; 28 March 2024

🔔 Create YI Technology Vulnerability Alert

What is CVE-2024-23727?

The YI Smart Kami Vision application, version 1.0.0_20231219 for Android, presents a significant security vulnerability allowing remote attackers to execute arbitrary JavaScript code. This exploit is facilitated through an implicit intent targeting the WebViewActivity component of the application. Users are advised to update their applications to mitigate potential risks associated with this vulnerability.

References

https://github.com/actuator/yi/blob/main/com.kamivision.y...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Jan 21, 2024

CVE-2024-23727 Data

JSON