Skip to main content

Yi Home Camera Firmware CVE-2018-3935

HIGH
Uncontrolled Resource Consumption (CWE-400)
2018-11-02 talos-cna@cisco.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 02, 2018 - 17:29 nvd
HIGH 7.5

DescriptionNVD

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.

AnalysisAI

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. Affected products include: Yitechnology Yi Home Camera Firmware, Yitechnology Yi Home.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2018-3934 CRITICAL POC
9.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3900 HIGH POC
8.8 Nov 01

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3892 HIGH POC
8.1 Nov 02

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3947 HIGH POC
8.1 Nov 01

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US

CVE-2018-3910 HIGH POC
8.0 Nov 01

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3899 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3898 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3928 HIGH POC
7.5 Nov 01

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3920 MEDIUM POC
6.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7

CVE-2018-3890 MEDIUM POC
6.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3891 MEDIUM POC
4.6 Nov 02

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7

Share

CVE-2018-3935 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy