CVE-2018-3890

CWE-78OS Command Injection3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.5%
top 34.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown YI TechnologyYitechnology YI Home Camera Firmware
Timeline
PublishedNov 2
Latest updateMay 13

Description

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/yi_technologyYi Technology Home Camera 27US 1.8.7.0D

🔴Vulnerability Details

2
GHSA
GHSA-7q2c-44rw-vxcc: An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 12022-05-13
CVEList
CVE-2018-3890: An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 12018-11-02
CVE-2018-3890 (MEDIUM CVSS 6.8) | An exploitable code execution vulne | cvebase.io