CVE-2019-13953

Name of the Vulnerable Software and Affected Versions YI M1 Mirrorless Camera version V3.2-cn

Description An authentication bypass issue exists in the Bluetooth Low Energy (BLE) authentication module, allowing an attacker to send a set of BLE commands and trigger the issue. This results in sensitive data leakage, such as personal photos. Additionally, an attacker can control the camera to record or take a picture after bypassing authentication.

Recommendations For YI M1 Mirrorless Camera version V3.2-cn, as a temporary workaround, consider disabling the BLE authentication module until a patch is available. Restrict access to the camera's BLE functionality to minimize the risk of exploitation. Avoid using the camera's BLE features until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.