Yi Technology vulnerabilities

CVE-2018-3910 [HIGH] CWE-78 CVE-2018-3910: An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home C An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their

CVE-2018-3947 [HIGH] CWE-200 CVE-2018-3947: An exploitable information disclosure vulnerability exists in the phone-to-camera communications of An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.

CVE-2018-3928 [HIGH] CWE-200 CVE-2018-3928: An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home C An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.

CVE-2018-3900 [HIGH] CWE-119 CVE-2018-3900: An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the