Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-3910

Опубликовано: 01 нояб. 2018
Источник: nvd
CVSS3: 8.8
CVSS3: 8
CVSS2: 5.4
EPSS Низкий

Описание

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:yitechnology:yi_home_camera_firmware:1.8.7.0d:*:*:*:*:*:*:*
cpe:2.3:h:yitechnology:yi_home_camera:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:yitechnology:yi_home:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%
0.00144
Низкий

8.8 High

CVSS3

8 High

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

github логотип

GHSA-7969-vfgw-xwqv

CVSS3: 8
github
больше 3 лет назад

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.

EPSS

Процентиль: 35%
0.00144
Низкий

8.8 High

CVSS3

8 High

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-78