CVE-2018-3892

CWE-120Classic Buffer OverflowCWE-119Buffer Overflow5 documents4 sources
Severity
8.1HIGH
EPSS
3.7%
top 11.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown YI TechnologyYitechnology YI Home Camera Firmware
Timeline
PublishedNov 2
Latest updateMay 13

Description

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/yi_technologyYi Technology Home Camera 27US 1.8.7.0D

🔴Vulnerability Details

2
GHSA
GHSA-fwpr-995q-w5qh: An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 12022-05-13
CVEList
CVE-2018-3892: An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 12018-11-02

💬Community

2
Bugzilla
CVE-2018-1000850 retrofit: Directory traversal in RequestBuilder allows manipulation of resources2019-01-07
Bugzilla
CVE-2018-1131 infinispan: deserialization of data in XML and JSON transcoders2018-05-09
CVE-2018-3892 (HIGH CVSS 8.1) | An exploitable firmware downgrade v | cvebase.io