CVE-2018-20007

Name of the Vulnerable Software and Affected Versions Yeelight Smart AI Speaker version 3.3.10 0074

Description The issue allows physical attackers to exploit improper access control over the UART interface, gaining a root shell. This access enables the exfiltration of audio data, reading of cleartext Wi-Fi credentials from a log file, and accessing other sensitive device and user information.

Recommendations For Yeelight Smart AI Speaker version 3.3.10 0074, consider restricting physical access to the device until a fix is available, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.