Skip to main content

Yi Home Camera Firmware CVE-2018-3947

HIGH
Information Exposure (CWE-200)
2018-11-01 talos-cna@cisco.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 01, 2018 - 15:29 nvd
HIGH 8.1

DescriptionNVD

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.

AnalysisAI

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. Affected products include: Yitechnology Yi Home Camera Firmware, Yitechnology Yi Home.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2018-3934 CRITICAL POC
9.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3900 HIGH POC
8.8 Nov 01

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3892 HIGH POC
8.1 Nov 02

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3910 HIGH POC
8.0 Nov 01

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3935 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. Rat

CVE-2018-3899 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3898 HIGH POC
7.5 Nov 02

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D

CVE-2018-3928 HIGH POC
7.5 Nov 01

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3920 MEDIUM POC
6.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7

CVE-2018-3890 MEDIUM POC
6.8 Nov 02

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D.

CVE-2018-3891 MEDIUM POC
4.6 Nov 02

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7

Share

CVE-2018-3947 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy