CVE-2018-3934

Name of the Vulnerable Software and Affected Versions Yi Home Camera version 1.8.7.0D

Description An exploitable code execution issue exists in the firmware update functionality. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this issue.

Recommendations For Yi Home Camera version 1.8.7.0D, as a temporary workaround, consider restricting access to the firmware update functionality until a patch is available. Avoid using the firmware update feature over unsecured networks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.