Vulnerabilities > CVE-2018-3920 - Unspecified vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

yitechnology

NVD

Published: 2018-11-02

Updated: 2023-02-02

Summary

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Yitechnology Yitechnology YI Home Camera Firmware 1.8.7.0D	1
Hardware	Yitechnology Yitechnology YI Home Camera -	1

Talos

id	TALOS-2018-0584
last seen	2019-05-29
published	2018-10-31
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0584
title	Yi Technology Home Camera 27US Firmware 7z CRC Collision Vulnerability

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0584