Lucene search
K

138 matches found

CVE
CVE
added 2018/11/02 5:0 p.m.80 views

CVE-2018-3890

Summary: CVE-2018-3890 affects Yi Home Camera 27US 1.8.7.0D. A local/physical vulnerability in the firmware update path allows code execution via a crafted SD-card payload. The root cause is in the firmware update workflow: a crafted file triggers a logic flaw and command injection through the ex...

7.6CVSS7AI score0.01672EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/02 5:0 p.m.62 views

CVE-2018-3899

CVE-2018-3899 affects Yi Technology Home Camera 27US 1.8.7.0D QR code scanning. A crafted QR code can trigger a buffer overflow in trans_info during parsing of the fields for password and SSID, overwriting the return address and enabling code execution. The issue is documented as a QR code trans_...

8.3CVSS8AI score0.01932EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/02 5:0 p.m.32 views

CVE-2018-3899

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The transinfo call can overwrite a buffer of size 0x104, which is more than enough to...

8.3CVSS8AI score0.01932EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/02 5:0 p.m.26 views

CVE-2018-3890

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability...

7.6CVSS7.1AI score0.01672EPSS
Exploits1References1
CVE
CVE
added 2018/11/02 5:0 p.m.58 views

CVE-2018-3891

Yi Home Camera 27US (firmware 1.8.7.0D) has a downgrade vulnerability in the firmware update function. A specially crafted SD-card file can bypass version checks and force an older firmware image to install, due to a logic flaw in the update flow (ver/key handling allows downgrade). Impact: poten...

5.7CVSS4.7AI score0.00402EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/02 5:0 p.m.71 views

CVE-2018-3935

Yi Home Camera 27US 1.8.7.0D is affected by CVE-2018-3935 in the UDP-based p2p_tnp component. A specially crafted set of UDP packets can trigger a memory allocation on the device, leading to denial of service. Talos’ analysis centers on the CRCDec path inside PPPP_CRCDec, where a malloc is perfor...

7.5CVSS7.5AI score0.02253EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/02 5:0 p.m.18 views

CVE-2018-3892

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

9.6CVSS8.3AI score0.02655EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/02 5:0 p.m.20 views

CVE-2018-3891

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability...

5.7CVSS4.7AI score0.00402EPSS
Exploits1References1
CVE
CVE
added 2018/11/02 5:0 p.m.65 views

CVE-2018-3920

Vulnerability CVE-2018-3920 affects Yi Home Camera 27US with firmware 1.8.7.0D. A specially crafted 7-Zip file can trigger a CRC collision during firmware update via SD card, enabling local code execution on the device. Talos and NVD describe the impact as firmware-update abuse leading to arbitra...

7.6CVSS6.9AI score0.00586EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/02 5:0 p.m.57 views

CVE-2018-3898

Summary (concrete details from provided sources): CVE-2018-3898 affects the Yi Home Camera 27US running version 1.8.7.0D. The vulnerability exists in the QR code scanning path (trans_info), where a specially crafted QR code can cause a buffer overflow (buffer size 0x104) by overflowing the ssid_d...

8.3CVSS8AI score0.01932EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/02 12:0 a.m.5 views

Yi Home Camera Code Execution Vulnerability (CNVD-2018-22778)

Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the Cloud OTA Settings feature in Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited by an attacker to achieve command injection via a specially crafted SSID, which can lead to code executi...

8.8CVSS8.8AI score0.01635EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/02 12:0 a.m.6 views

Yi Home Camera Information Disclosure Vulnerability

Yi Home Camera is an IoT home camera sold worldwide. An information disclosure vulnerability exists in the phone-to-camera communication of Yi Home Camera 27US 1.8.7.0D. An attacker can exploit this vulnerability by sniffing network traffic to obtain information...

9CVSS8.3AI score0.01257EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/02 12:0 a.m.4 views

Yi Home Camera Code Execution Vulnerability

Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the QR code scanning feature in Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited to cause a buffer overflow via a specially crafted QR code, which can be used for code execution...

9.1CVSS9.5AI score0.02582EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/11/02 12:0 a.m.5 views

PT-2018-16326 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker ca...

9.8CVSS9.2AI score0.02633EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2018/11/02 12:0 a.m.4 views

PT-2018-16327 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the UDP network functionality. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker c...

7.5CVSS7.6AI score0.02253EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2018/11/02 12:0 a.m.4 views

PT-2018-16312 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An...

7.6CVSS7.2AI score0.00586EPSS
Exploits1References3
CNVD
CNVD
added 2018/11/02 12:0 a.m.5 views

Yi Home Camera Denial of Service Vulnerability

Yi Home Camera is an IoT home camera sold worldwide. A denial of service vulnerability exists in the firmware update feature in Yi Home Camera 27US 1.8.7.0D. An attacker can exploit the vulnerability by sending a specially crafted set of UDP packets to cause a change in settings, which can lead t...

7.5CVSS7.3AI score0.02253EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/11/02 12:0 a.m.7 views

PT-2018-16283 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker...

7.6CVSS7.3AI score0.01672EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2018/11/02 12:0 a.m.4 views

PT-2018-16285 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable firmware downgrade vulnerability exists in the time syncing functionality. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can...

9.6CVSS8.8AI score0.02655EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2018/11/02 12:0 a.m.6 views

PT-2018-16292 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the QR code scanning functionality. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans info call can...

8.3CVSS8.2AI score0.01932EPSS
Exploits1References3
Rows per page
Query Builder