Lucene search
K

5 matches found

prion
prion
added 2018/11/02 5:29 p.m.11 views

Design/Logic Flaw

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability...

4.6CVSS7AI score0.00586EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2018/11/02 5:29 p.m.35 views

CVE-2018-3899

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The transinfo call can overwrite a buffer of size 0x104, which is more than enough to...

8.3CVSS8.2AI score0.01932EPSS
Exploits1References1
cve
cve
added 2018/11/02 5:0 p.m.58 views

CVE-2018-3891

Yi Home Camera 27US (firmware 1.8.7.0D) has a downgrade vulnerability in the firmware update function. A specially crafted SD-card file can bypass version checks and force an older firmware image to install, due to a logic flaw in the update flow (ver/key handling allows downgrade). Impact: poten...

5.7CVSS4.7AI score0.00402EPSS
Exploits1References1Affected Software1
prion
prion
added 2018/11/01 3:29 p.m.16 views

Design/Logic Flaw

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...

5CVSS7.6AI score0.02253EPSS
Exploits1References1Affected Software1
talos
talos
added 2018/10/31 12:0 a.m.864 views

Yi Technology Home Camera 27US Firmware Update Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability...

7.6CVSS7.3AI score0.01672EPSS
Exploits1
Rows per page
Query Builder