Vulnerabilities > CVE-2018-3891 - Unspecified vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

yitechnology

NVD

Published: 2018-11-02

Updated: 2023-02-02

Summary

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Yitechnology Yitechnology YI Home Camera Firmware 1.8.7.0D	1
Hardware	Yitechnology Yitechnology YI Home Camera -	1

Talos

id	TALOS-2018-0566
last seen	2019-05-29
published	2018-10-31
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0566
title	Yi Technology Home Camera 27US Firmware Downgrade Vulnerability

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0566