CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-3934

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile2.72th
Published2018年11月2日
Last Modified2024年11月21日

Vulnerability Description

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.

Affected Platforms (CPE)

💻
Yitechnology

Yi Home Camera Firmware

= 1.8.7.0d

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0601

相關漏洞威脅

CVE-2018-202999.8

An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware befor...

CVE-2018-38928.1

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specia...

CVE-2018-39287.5

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A special...

CVE-2018-38906.8

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A special...

CVE-2018-3934 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space