4.6
CVSSv2

CVE-2018-3890

Published: 02/11/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability.

Vulnerability Trend

Recent Articles

Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities
Threatpost • Tara Seals • 01 Nov 2018

Multiple vulnerabilities in the firmware used by the Yi Technology Home Camera version 27US have been found, which could allow remote code-execution on the connected devices.
The Yi Home Camera i27US is one of the newer IoT camera models sold in the U.S. It’s an entry-level gadget, which lets owners view the camera’s feed from anywhere, and features offline storage and subscription-based cloud storage.
First uncovered by Cisco Talos and disclosed Wednesday, five flaws in the firm...