Vulnerabilities > CVE-2023-47882 - Unspecified vulnerability in Kamivision YI IOT 4.1.920231127

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

kamivision

NVD

Published: 2023-12-27

Updated: 2024-11-21

Summary

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.

Vulnerable Configurations

Part	Description	Count
Application	Kamivision Kamivision YI IOT - Kamivision YI IOT 4.1.9_20231127	2

References

https://github.com/actuator/yi/blob/main/CWE-319.md
https://github.com/actuator/yi/blob/main/CWE-319.md
https://play.google.com/store/apps/details?id=com.yunyi.smartcamera
https://play.google.com/store/apps/details?id=com.yunyi.smartcamera