An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Yi_home_camera_firmware | Yitechnology | 1.8.7.0d (including) | 1.8.7.0d (including) |