YI Home Camera 2 CVE-2026-4475

EUVD ID: EUVD-2026-13591
Severity: HIGH
Weakness: Use of Hard-coded Password (CWE-259)
Published: 2026-03-20
CNA: cna@vuldb.com
Score: 7.4 (CVSS 4.0)

CVSS Vector (NVD)

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline (7 events)

Apr 29, 2026 - 01:35 (vuln.today): Analysis Updated, v2 (cvss_changed)
Apr 29, 2026 - 01:11 (NVD): CVSS changed, 8.7 (HIGH) to 7.4 (HIGH)
Apr 22, 2026 - 21:37 (vuln.today): Re-analysis Queued, cvss_changed
Apr 22, 2026 - 21:37 (NVD): CVSS changed, 8.8 (HIGH) to 8.7 (HIGH)
Mar 20, 2026 - 08:37 (euvd): EUVD ID Assigned, EUVD-2026-13591
Mar 20, 2026 - 08:37 (vuln.today): Analysis Generated
Mar 20, 2026 - 07:16 (nvd): CVE Published, HIGH 8.8

Description (NVD)

A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Hard-coded credentials in YI Home Camera 2 firmware 2.1.1_20171024151200 allow adjacent network attackers to gain complete device control without authentication. The vulnerability exists in the /home/web/ipc file component and enables full compromise of confidentiality, integrity, and availability. …

Remediation (AI)

Within 24 hours: Inventory all YI Home Camera 2 devices and identify those running firmware 2.1.1_20171024151200; isolate affected units to a segregated network segment or VLAN.
Within 7 days: Contact Yi Technology support for firmware update availability and evaluate replacement with patched-firmware devices or alternative vendors; implement network access controls (ACLs) blocking unauthenticated device communication. …