CVE-2018-3890

Summary

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
unknownYi TechnologyYi Technology Home Camera 27US 1.8.7.0Daffected

Weaknesses

  • command injection

ADP Enrichment

CVE Program Container

Additional References

References