Multiple vulnerabilities in Yi Home Camera



Published: 2018-11-02 | Updated: 2018-12-26
Risk: High
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2018-3890, CVE-2018-3891, CVE-2018-3892, CVE-2018-3898, CVE-2018-3899, CVE-2018-3900, CVE-2018-3910, CVE-2018-3928, CVE-2018-3934, CVE-2018-3947, CVE-2018-3935, CVE-2018-3920
CWE-ID: CWE-78, CWE-264, CWE-120, CWE-121, CWE-20, CWE-592, CWE-319
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Yi Home Camera (Hardware solutions / Firmware)
Vendor: YI Technology

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) OS command injection

EUVDB-ID: #VU15685

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3890

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a physical attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to a logic flaw and insufficient sanitization of user-supplied data. A physical attacker can insert an SD card to inject arbitrary OS commands and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0565


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Logic error

EUVDB-ID: #VU15686

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3891

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a physical attacker to downgrade firmware.

The vulnerability exists due to a logic flaw. A physical attacker can insert an SD card to downgrade firmware.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0566


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU15687

Risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3892

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow caused by insufficient sanitization of user-supplied data. An adjacent attacker can intercept and alter network traffic, trigger a firmware downgrade in the time syncing functionality and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0567


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU15688

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3898

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow in the QR code scanning functionality caused by insufficient sanitization of user-supplied data. A remote attacker can trick the victim into displaying a QR code from the internet and scanning it with their camera, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0571


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU15689

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3899

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow in the QR code scanning functionality caused by insufficient sanitization of user-supplied data. A remote attacker can trick the victim into displaying a QR code from the internet and scanning it with their camera, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0571


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU15690

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3900

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote high-privileged attacker to execute arbitrary code on the target system.

The vulnerability exists due to a stack-based buffer overflow in the QR code scanning functionality caused by insufficient sanitization of user-supplied data. A remote attacker can trick the victim into displaying a QR code from the internet and scanning it with their camera, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0572


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) OS command injection

EUVDB-ID: #VU15692

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3910

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the cloud OTA setup functionality. An adjacent attacker can trick the victim into connecting their camera to an attacker-controlled SSID to inject arbitrary OS commands and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0580


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU15693

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3928

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the firmware update functionality. A remote attacker can send a set of UDP packets, trigger a settings change and cause the service to crash.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0595


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Authorization bypass

EUVDB-ID: #VU15694

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3934

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists due to a logic flaw and insufficient sanitization of user-supplied data in the firmware update functionality. A remote attacker can sniff network traffic and send a set of UDP packets to bypass authentication and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0601


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information disclosure

EUVDB-ID: #VU15695

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3947

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a flaw in the phone-to-camera communications. A remote attacker can sniff network traffic and access arbitrary data.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0616


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU15696

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3935

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the UDP network functionality. A remote attacker can send a set of UDP packets, allocate unlimited memory and cause the service to crash.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2018-0602


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU16712

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3920

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a physical attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the firmware update functionality. A physical attacker can insert an SD card containing a 7-Zip file, trigger a CRC collision and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

Yi Home Camera: 27US 1.8.7.0D

External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0584


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


