Lucene search
K
YitechnologyYi Home

4 matches found

CVE
CVE
added 2018/11/02 5:0 p.m.71 views

CVE-2018-3935

Yi Home Camera 27US 1.8.7.0D is affected by CVE-2018-3935 in the UDP-based p2p_tnp component. A specially crafted set of UDP packets can trigger a memory allocation on the device, leading to denial of service. Talos’ analysis centers on the CRCDec path inside PPPP_CRCDec, where a malloc is perfor...

7.5CVSS7.5AI score0.02253EPSS
CVE
CVE
added 2018/11/01 3:0 p.m.60 views

CVE-2018-3900

CVE-2018-3900 affects Yi Home Camera 27US 1.8.7.0D; a specially crafted QR code exploits the QR code scanning path to trigger a buffer overflow and remote code execution. The root cause lies in the QR base64 parsing/decoding flow (b64_decode) with unbounded output, allowing stack writes that can ...

9.1CVSS8.9AI score0.02582EPSS
CVE
CVE
added 2018/11/01 3:0 p.m.60 views

CVE-2018-3947

The CVE-2018-3947 entry concerns Yi Home Camera 27US 1.8.7.0D. TALOS-2018-0616 documents a p2p_tnp cleartext data transmission vulnerability: the camera’s phone-to-camera communications over UDP are unencrypted, enabling an attacker who can sniff network traffic to disclose or manipulate data and...

9CVSS7.5AI score0.01257EPSS
CVE
CVE
added 2018/11/01 3:0 p.m.59 views

CVE-2018-3910

Yi Home Camera 27US 1.8.7.0D is affected by CVE-2018-3910 in the cloud OTA setup. Cisco Talos reports an exploitable remote code execution via a crafted SSID that triggers a command injection in the cloudAPI flow, which can be executed on the device after the camera connects to the attacker’s SSI...

8.8CVSS8AI score0.01635EPSS