PT-2018-16284 · Yi · Yi Home Camera
Published
2018-11-02
·
Updated
2023-02-02
·
CVE-2018-3891
CVSS v3.1
5.7
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Yi Home Camera 27US version 1.8.7.0D
Description
A firmware downgrade vulnerability exists in the firmware update functionality. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this issue.
Recommendations
For Yi Home Camera 27US version 1.8.7.0D, as a temporary workaround, consider disabling the firmware update functionality until a patch is available. Restrict access to the SD card slot to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Yi Home Camera