Yi Home Camera Code Execution Vulnerability (CNVD-2018-22812)

Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the QR code scanning feature of Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited by an attacker to cause a buffer overflow via a specially crafted QR code, which can be used for code...

Yi Home Camera Firmware Downgrade Vulnerability (CNVD-2018-22809)

Yi Home Camera is an IoT home camera sold worldwide. A firmware downgrade vulnerability exists in the firmware update feature of the Yi Home Camera 27US 1.8.7.0D. An attacker can cause a logic flaw by inserting an SD card and exploiting the vulnerability via a specially crafted file, from which a...

Design/Logic Flaw

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability...

CVE-2018-3899

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The transinfo call can overwrite a buffer of size 0x104, which is more than enough to...

CVE-2018-3891

Yi Home Camera 27US (firmware 1.8.7.0D) has a downgrade vulnerability in the firmware update function. A specially crafted SD-card file can bypass version checks and force an older firmware image to install, due to a logic flaw in the update flow (ver/key handling allows downgrade). Impact: poten...

Yi Home Camera Code Execution Vulnerability

Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the QR code scanning feature in Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited to cause a buffer overflow via a specially crafted QR code, which can be used for code execution...

Yi Home Camera Code Execution Vulnerability (CNVD-2018-22778)

Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the Cloud OTA Settings feature in Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited by an attacker to achieve command injection via a specially crafted SSID, which can lead to code executi...

PT-2018-16292 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the QR code scanning functionality. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans info call can...

Design/Logic Flaw

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...

Yi Technology Home Camera 27US nonce reuse authentication bypass vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to...

Yi Technology Home Camera 27US cloudAPI SSID Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerabilit...

Yi Technology Home Camera 27US Firmware Update Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability...