EUVD-2026-13602CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
The Yi Technology YI Home Camera 2 version 2.1.1_20171024151200 contains a cryptographic signature verification vulnerability in its HTTP firmware update handler, specifically in the home/web/ipc file component. An attacker can exploit this remotely (network-accessible) to bypass firmware integrity checks and potentially install malicious firmware, though the attack complexity is high and exploitation is considered difficult. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Yi Home Camera 2 version 2.1.1_20171024151200 devices in your environment and isolate them to restricted network segments if possible. Within 7 days: Implement network-level access controls restricting camera firmware update channels and monitor for suspicious update attempts; contact Yi Technology for guidance on mitigation options. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today