138 matches found
CVE-2018-3890
Summary: CVE-2018-3890 affects Yi Home Camera 27US 1.8.7.0D. A local/physical vulnerability in the firmware update path allows code execution via a crafted SD-card payload. The root cause is in the firmware update workflow: a crafted file triggers a logic flaw and command injection through the ex...
CVE-2018-3899
CVE-2018-3899 affects Yi Technology Home Camera 27US 1.8.7.0D QR code scanning. A crafted QR code can trigger a buffer overflow in trans_info during parsing of the fields for password and SSID, overwriting the return address and enabling code execution. The issue is documented as a QR code trans_...
CVE-2018-3899
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The transinfo call can overwrite a buffer of size 0x104, which is more than enough to...
CVE-2018-3890
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability...
CVE-2018-3891
Yi Home Camera 27US (firmware 1.8.7.0D) has a downgrade vulnerability in the firmware update function. A specially crafted SD-card file can bypass version checks and force an older firmware image to install, due to a logic flaw in the update flow (ver/key handling allows downgrade). Impact: poten...
CVE-2018-3935
Yi Home Camera 27US 1.8.7.0D is affected by CVE-2018-3935 in the UDP-based p2p_tnp component. A specially crafted set of UDP packets can trigger a memory allocation on the device, leading to denial of service. Talos’ analysis centers on the CRCDec path inside PPPP_CRCDec, where a malloc is perfor...
CVE-2018-3892
An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...
CVE-2018-3891
An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability...
CVE-2018-3920
Vulnerability CVE-2018-3920 affects Yi Home Camera 27US with firmware 1.8.7.0D. A specially crafted 7-Zip file can trigger a CRC collision during firmware update via SD card, enabling local code execution on the device. Talos and NVD describe the impact as firmware-update abuse leading to arbitra...
CVE-2018-3898
Summary (concrete details from provided sources): CVE-2018-3898 affects the Yi Home Camera 27US running version 1.8.7.0D. The vulnerability exists in the QR code scanning path (trans_info), where a specially crafted QR code can cause a buffer overflow (buffer size 0x104) by overflowing the ssid_d...
Yi Home Camera Code Execution Vulnerability (CNVD-2018-22778)
Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the Cloud OTA Settings feature in Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited by an attacker to achieve command injection via a specially crafted SSID, which can lead to code executi...
Yi Home Camera Information Disclosure Vulnerability
Yi Home Camera is an IoT home camera sold worldwide. An information disclosure vulnerability exists in the phone-to-camera communication of Yi Home Camera 27US 1.8.7.0D. An attacker can exploit this vulnerability by sniffing network traffic to obtain information...
Yi Home Camera Code Execution Vulnerability
Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the QR code scanning feature in Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited to cause a buffer overflow via a specially crafted QR code, which can be used for code execution...
PT-2018-16326 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker ca...
PT-2018-16327 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the UDP network functionality. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker c...
PT-2018-16312 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An...
Yi Home Camera Denial of Service Vulnerability
Yi Home Camera is an IoT home camera sold worldwide. A denial of service vulnerability exists in the firmware update feature in Yi Home Camera 27US 1.8.7.0D. An attacker can exploit the vulnerability by sending a specially crafted set of UDP packets to cause a change in settings, which can lead t...
PT-2018-16283 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker...
PT-2018-16285 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable firmware downgrade vulnerability exists in the time syncing functionality. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can...
PT-2018-16292 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: An exploitable code execution issue exists in the QR code scanning functionality. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans info call can...