Vulnerability identifier: #VU15686
Vulnerability risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Yi Home Camera
Hardware solutions /
Firmware
Vendor: YI Technology
Description
The vulnerability allows a physical attacker to downgrade firmware.
The vulnerability exists due to a logic flaw. A physical attacker can insert an SD card to downgrade firmware.
Mitigation
Update to the latest version.
Vulnerable software versions
Yi Home Camera: 27US 1.8.7.0D
External links
http://talosintelligence.com/vulnerability_reports/TALOS-2018-0566
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.