Yassine Damiri

5 exploits Active since Mar 2025
CVE-2025-25680 WRITEUP HIGH WRITEUP
LSC Ptz Dual Band Camera Firmware - Code Injection
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera.
CVSS 7.7
CVE-2025-29659 WRITEUP CRITICAL WRITEUP
Yiiot Xy-3820 Firmware - Improper Authorization
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.
CVSS 9.8
CVE-2025-29659 WRITEUP CRITICAL WRITEUP
Yiiot Xy-3820 Firmware - Improper Authorization
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.
CVSS 9.8
CVE-2025-29660 WRITEUP CRITICAL WRITEUP
Yiiot Xy-3820 Firmware - Path Traversal
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.
CVSS 9.8
CVE-2025-29660 WRITEUP CRITICAL WRITEUP
Yiiot Xy-3820 Firmware - Path Traversal
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.
CVSS 9.8