Avatar

Vulnerabilities Discovered by Lilith [x_x] of Cisco Talos.

Overview

Cisco Talos is disclosing multiple vulnerabilities in the firmware of the Yi Technology Home Camera. In order to prevent the exploitation of these vulnerabilities, Talos worked with Yi Technology to make sure a newer version of the firmware is available to users. These vulnerabilities could allow an attacker to gain remote code execution on the devices via a command injection, bypass methods of network authentication, or disable the device.

The Yi Home Camera is an internet-of-things (IoT) home camera sold globally. The 27US version is one of the newer models sold in the U.S. and is the most basic model out of the Yi Technology camera lineup.

It includes all the functions that one would expect from an IoT device, including the ability to view the camera’s feed from anywhere, offline storage, subscription-based cloud storage and easy setup.

Read the complete details here



Authors

Talos Group

Talos Security Intelligence & Research Group