PT-2025-7770 · Yi · Yi Car Dashcam

Geo-Chen · Published 2025-02-24 · Updated 2025-03-03 · CVE-2024-56897

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

YI Car Dashcam version 3.88

Description

The issue is related to improper access control in the HTTP server, allowing unauthorized actions such as unrestricted file downloads and uploads. Additionally, API commands that modify device settings can be issued without proper authorization, including disabling recording, disabling sounds, and performing a factory reset.

Recommendations

For YI Car Dashcam version 3.88, consider restricting access to the HTTP server and API commands until a patch is available. As a temporary workaround, avoid using the device's API for sensitive operations and limit access to the device's settings to prevent unauthorized modifications.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-56897

Affected Products

Yi Car Dashcam