EUVD-2026-13591CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
A hard-coded credentials vulnerability exists in Yi Technology YI Home Camera 2 firmware version 2.1.1_20171024151200, specifically in the home/web/ipc file component. An unauthenticated attacker on the local network can exploit these credentials to gain full access to the device with high impact on confidentiality, integrity, and availability (CVSS 8.8). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Yi Home Camera 2 devices and identify those running vulnerable firmware 2.1.1_20171024151200. Within 7 days: Isolate affected cameras to a dedicated, segmented network with restricted access controls and disable remote access capabilities. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today