Skip to main content

Yi Home Camera Firmware CVE-2018-3928

HIGH
Information Exposure (CWE-200)
2018-11-01 talos-cna@cisco.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 01, 2018 - 15:29 nvd
HIGH 7.5

DescriptionNVD

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.

AnalysisAI

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. Affected products include: Yitechnology Yi Home Camera Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2018-3934 CRITICAL POC
9.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3900 HIGH POC
8.8 Nov 01

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3892 HIGH POC
8.1 Nov 02

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3947 HIGH POC
8.1 Nov 01

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US

CVE-2018-3910 HIGH POC
8.0 Nov 01

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3935 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. Rat

CVE-2018-3899 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3898 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3920 MEDIUM POC
6.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7

CVE-2018-3890 MEDIUM POC
6.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3891 MEDIUM POC
4.6 Nov 02

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7

Share

CVE-2018-3928 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy