Missing Authentication Vulnerability in Yi Technology YI Home Camera 2
CVE-2026-4476

5.3MEDIUM

Key Information:

Vendor

Yi Technology

Status
Yi Home Camera
Vendor
CVE Published:
20 March 2026

What is CVE-2026-4476?

A security vulnerability has been identified in the Yi Technology YI Home Camera 2, specifically in the CGI Endpoint component. This issue arises from missing authentication controls in an unknown function of the file home/web/ipc. Access to the local network is a prerequisite for exploiting this vulnerability, which could allow unauthorized manipulation and access to the camera's functionalities. The vendor has been informed about the discovery, but there has been no response to address the issue.

Affected Version(s)

YI Home Camera 2 2.1.1_20171024151200

References

https://vuldb.com/?id.351766
vdb-entry
https://vuldb.com/?ctiid.351766
signaturepermissions-required
https://vuldb.com/?submit.773070
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0rbitingZer0 (VulDB User)
VulDB
.