CVE-2018-3910
8.8
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Yi | Yi Technology | Yi Technology Home Camera 27US 1.8.7.0D | affected |
Weaknesses
- OS command injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.