Vulnerability in Yi Technology YI Home Camera 2 Affects Firmware Update Process
CVE-2026-4478

9.2CRITICAL

Key Information:

Vendor

Yi Technology

Status
Yi Home Camera
Vendor
CVE Published:
20 March 2026

What is CVE-2026-4478?

A vulnerability has been discovered in the YI Home Camera 2 that affects the HTTP Firmware Update Handler. This issue arises from improper verification of the cryptographic signature, allowing potential attackers to exploit the firmware update process remotely. Although the complexity of carrying out such an attack is notably high, the availability of public exploits increases the risk. Despite reaching out to the vendor for information, there has been no response regarding this critical security issue.

Affected Version(s)

YI Home Camera 2 2.1.1_20171024151200

References

https://vuldb.com/?id.351768
vdb-entry
https://vuldb.com/?ctiid.351768
signaturepermissions-required
https://vuldb.com/?submit.773162
third-party-advisory

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0rbitingZer0 (VulDB User)
VulDB
.