2 matches found
Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)
A remote code execution exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2018-3892
CVE-2018-3892 affects Yi Home Camera 27US, 1.8.7.0D. Time-sync code path (yi_sync_time) contains a buffer overflow in the parsing of the response, triggered by specially crafted HTTP content, leading to remote code execution. The vulnerable routine relies on a stack-allocated buffer and unbounded...