CVE-2026-4475

Yi Technology YI Home Camera ipc hard-coded credentials

CVSS 8.7 HIGHEPSS 0.3%CWE-259 CWE-798

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Produtos afetados

Yi Technology · YI Home Camera

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://vuldb.com/?ctiid.351765 https://vuldb.com/?id.351765 https://vuldb.com/?submit.772996