Which versions of Yi Technology YI Home Camera are affected by CVE-2026-4477?

CVE-2026-4477 is a low-severity vulnerability in A vulnerability (CVSS 3.1). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…

Yi Technology YI Home Camera CVE-2026-4477

Q: What is the CVSS score of CVE-2026-4477?

CVE-2026-4477 has a CVSS 4.0 base score of 1.3 (Low). CVSS vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-13600 LOW

Key Management Errors (CWE-320)

2026-03-20 cna@vuldb.com

Information Disclosure

1.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

2.3 (LOW) 1.3 (LOW)

CVSS changed

Apr 22, 2026 - 21:37 NVD

3.1 (LOW) 2.3 (LOW)

EUVD ID Assigned

Mar 20, 2026 - 08:37 euvd

EUVD-2026-13600

Analysis Generated

Mar 20, 2026 - 08:37 vuln.today

CVE Published

Mar 20, 2026 - 07:16 nvd

LOW 3.1

DescriptionNVD

A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Yi Technology YI Home Camera 2 (version 2.1.1_20171024151200) contains a hard-coded cryptographic key vulnerability in its WPA/WPS component that allows attackers to disclose sensitive information through local network access. While the exploit has been publicly disclosed and proof-of-concept code is available, the attack requires high complexity and difficult exploitability, limiting real-world risk to local network environments only. …

RemediationAI

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4477 vulnerability details – vuln.today

Back