CVE-2026-4475

Yi Technology YI Home Camera ipc hard-coded credentials

CVSS 8.7 HIGHEPSS 0.3%CWE-259 CWE-798

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 mar 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Productos afectados

Yi Technology · YI Home Camera

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://vuldb.com/?ctiid.351765 https://vuldb.com/?id.351765 https://vuldb.com/?submit.772996