Vulnerabilities > CVE-2019-13953 - Unspecified vulnerability in Xiaoyi YI M1 Mirrorless Camera Firmware 3.2Cn

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

xiaoyi

NVD

Published: 2019-09-06

Updated: 2024-11-21

Summary

An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication.

Vulnerable Configurations

Part	Description	Count
OS	Xiaoyi Xiaoyi YI M1 Mirrorless Camera Firmware 3.2-Cn	1
Hardware	Xiaoyi Xiaoyi YI M1 Mirrorless Camera -	1

References

https://www.cnvd.org.cn/flaw/show/CNVD-2019-23494
https://www.cnvd.org.cn/flaw/show/CNVD-2019-23494