Executive Summary

Informations
NameCVE-2018-3910First vendor Publication2018-11-01
VendorCveLast vendor Modification2019-01-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score5.4Attack RangeAdjacent network
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score5.5AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3910

CWE : Common Weakness Enumeration

%idName
100 %CWE-77Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Hardware1
Os1

Sources (Detail)

SourceUrl
MISC https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0580

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2019-01-30 21:18:46
  • Multiple Updates
2018-11-01 17:19:36
  • First insertion