Vulnerabilities > CVE-2018-3934 - Unspecified vulnerability in Yitechnology YI Home Camera Firmware 1.8.7.0D

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
yitechnology
critical
NVD
Published: 2018-11-02
Updated: 2023-02-02

Summary

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Yitechnology
1
Hardware
Yitechnology
1

Talos

idTALOS-2018-0601
last seen2019-05-29
published2018-10-31
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0601
titleYi Technology Home Camera 27US nonce reuse authentication bypass vulnerability

References