CVE-2018-3900

Published: Nov 1, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability.

Affected (2)

Products: Yitechnology: Yi Home Camera Firmware, Yi Home

2 products

Yi Home Camera Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yitechnology Yi Home Camera Firmware	Version 1.8.7.0d

Running on/with	Platform Versions
Yitechnology Yi Home Camera	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Yitechnology Yi Home	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0572

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0572

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.