Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTalosCVE-2018-3898
HistoryNov 02, 2018 - 5:29 p.m.

CVE-2018-3898

2018-11-0217:29:00
CWE-120
talos
web.nvd.nist.gov
31
cve
2018
3898
code execution
vulnerability
yi home camera
buffer overflow
qr code scanning
nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.1%

JSON

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field.

Affected configurations

Nvd
Vulners
Node
yitechnologyyi_home_camera_firmwareMatch1.8.7.0d
AND
yitechnologyyi_home_cameraMatch-
VendorProductVersionCPE
yitechnologyyi_home_camera_firmware1.8.7.0dcpe:2.3:o:yitechnology:yi_home_camera_firmware:1.8.7.0d:*:*:*:*:*:*:*
yitechnologyyi_home_camera-cpe:2.3:h:yitechnology:yi_home_camera:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Yi Technology",
    "vendor": "unknown",
    "versions": [
      {
        "status": "affected",
        "version": "Yi Technology Home Camera 27US 1.8.7.0D"
      }
    ]
  }
]

Related

prion 1
nvd 1
cvelist 1
talos 1
talosblog 1
threatpost 1
prion
prion
Buffer overflow
2018-11-02 17:29:00
nvd
nvd
CVE-2018-3898
2018-11-02 17:29:00
cvelist
cvelist
CVE-2018-3898
2018-11-02 17:00:00
talos
talos
Yi Technology Home Camera 27US QR Code trans_info Code Execution Vulnerability
2018-10-31 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera
2018-10-31 13:18:00
threatpost
threatpost
Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities
2018-11-01 21:50:15

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.1%

JSON
Related for CVE-2018-3898
prion1nvd1cvelist1talos1talosblog1threatpost1