CVE-2018-3892 CRITICAL

CVE-2018-3892

Vendor Unknown
Product Yi Technology
Published November 2, 2018
Last update August 5, 2024

CVSS base score

9.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.

Key dates

02Disclosure timeline

November 2, 2018 CVE published
August 5, 2024 Record updated