Lucene search

[email protected]NVD:CVE-2023-47882

HistoryDec 27, 2023 - 9:15 p.m.

CVE-2023-47882

2023-12-2721:15:08

[email protected]

web.nvd.nist.gov

kami vision yi

iot

remote code execution

implicit intent

android

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

30.3%

JSON

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.

Affected configurations

Nvd

Node

kamivisionyi_iotRange≤4.1.9_20231127android

VendorProductVersionCPE
kamivisionyi_iot*cpe:2.3:a:kamivision:yi_iot:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
kamivision	yi_iot	*	cpe:2.3:a:kamivision:yi_iot::::::android::*

References

github.com/actuator/yi/blob/main/CWE-319.md

play.google.com/store/apps/details?id=com.yunyi.smartcamera

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

30.3%

JSON

Related for NVD:CVE-2023-47882

cvelist1 cve1 prion1 githubexploit1