PT-2018-16327 · Yi · Yi Home Camera
Published
2018-11-02
·
Updated
2023-02-02
·
CVE-2018-3935
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Yi Home Camera 27US version 1.8.7.0D
Description
An exploitable code execution issue exists in the UDP network functionality. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this issue.
Recommendations
For Yi Home Camera 27US version 1.8.7.0D, consider restricting access to the UDP network functionality until a patch is available. As a temporary workaround, disabling the UDP network functionality can help minimize the risk of exploitation.
Exploit
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yi Home Camera