18 matches found
EUVD-2025-12371
Malicious code in bioql PyPI...
EUVD-2025-12376
Malicious code in bioql PyPI...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
PT-2025-17440 · Yi · Yi Iot Xy-3820
Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: The issue concerns a Remote Command Execution vulnerability via the cmd listen function located in the cmd binary. This allows for unauthorized execution of commands, potentially leading to a full...
Yi IOT XY-3820 安全漏洞
Yi IOT XY-3820 is a wireless security camera from Yi IOT. A security vulnerability exists in the Yi IOT XY-3820 version 6.0.24.10, which stems from the cmdlisten function in the cmd binary being vulnerable to remote command execution attacks...
Yi IOT XY-3820 安全漏洞
Yi IOT XY-3820 is a wireless security camera from Yi IOT. A security vulnerability exists in the Yi IOT XY-3820 version v6.0.24.10, which stems from a lack of input validation of a TCP service exposed by the daemon on port 6789, which could lead to the execution of arbitrary scripts on the device...
CVE-2025-29659
CVE-2025-29659 affects Yi IOT XY-3820, version 6.0.24.10. The vulnerability is a Remote Command Execution via the cmd_listen function in the cmd binary, with network access and no user interaction required (CVSS v3.1: 9.8, Critical). The reports do not specify a fixed version; a workaround sugges...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
PT-2025-17441 · Yi · Yi Iot Xy-3820
Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: A vulnerability exists in the daemon process of the Yi IOT XY-3820, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary...
CVE-2025-29660
The CVE-2025-29660 vulnerability affects Yi IOT XY-3820, firmware v6.0.24.10, in the daemon that listens on TCP port 6789. The issue stems from improper input validation, allowing directory traversal via crafted TCP requests, which permits remote unauthenticated execution of arbitrary scripts on ...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities
Multiple vulnerabilities in the firmware used by the Yi Technology Home Camera version 27US have been found, which could allow remote code-execution on the connected devices. The Yi Home Camera i27US is one of the newer IoT camera models sold in the U.S. It’s an entry-level gadget, which lets...