PT-2018-16293 · Yi · Yi Home Camera
Published: 2018-11-01 · Updated: 2023-02-02 · CVE-2018-3900
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Yi Home Camera 27US version 1.8.7.0D
Description
A code execution issue exists in the QR code scanning functionality. A specially crafted QR code can cause a buffer overflow, resulting in code execution. An attacker can trigger this issue by making the camera scan a malicious QR code. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this issue.
Recommendations
For version 1.8.7.0D, as a temporary workaround, consider disabling the QR code scanning functionality until a patch is available. Avoid scanning QR codes from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Yi Home Camera