Wednesday, October 31, 2018

Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera


Threat Research

Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera

Vulnerabilities Discovered by Lilith [x_x] of Cisco Talos.

Overview

Cisco Talos is disclosing multiple vulnerabilities in the firmware of the Yi Technology Home Camera. In order to prevent the exploitation of these vulnerabilities, Talos worked with Yi Technology to make sure a newer version of the firmware is available to users. These vulnerabilities could allow an attacker to gain remote code execution on the devices via a command injection, bypass methods of network authentication, or disable the device.

The Yi Home Camera is an internet-of-things (IoT) home camera sold globally. The 27US version is one of the newer models sold in the U.S. and is the most basic model out of the Yi Technology camera lineup.

It includes all the functions that one would expect from an IoT device, including the ability to view the camera’s feed from anywhere, offline storage, subscription-based cloud storage and easy setup.

Read the complete details here

Tags:



from Cisco Blog » Security https://ift.tt/2QakSUf

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.