CVE-2018-3890 HIGH

CVE-2018-3890

Vendor Unknown
Product Yi Technology
Published November 2, 2018
Last update August 5, 2024

CVSS base score

7.6/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability.

Key dates

02Disclosure timeline

November 2, 2018 CVE published
August 5, 2024 Record updated