CVE-2023-47882

HIGH

Kami Vision YI IoT <4.1.9_20231127 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-47882. PoCs published by actuator.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-23727, an exported WebView activity vulnerability in YI IoT's 'com.yunyi.smartcamera' app. It includes proof-of-concept code snippets for ADB and Java-based exploitation, demonstrating how arbitrary JavaScript execution can be achieved.

Description

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.

Exploits (1)

nomisec WRITEUP 1 stars
by actuator · poc
https://github.com/actuator/yi

The repository provides a detailed technical analysis of CVE-2024-23727, an exported WebView activity vulnerability in YI IoT's 'com.yunyi.smartcamera' app. It includes proof-of-concept code snippets for ADB and Java-based exploitation, demonstrating how arbitrary JavaScript execution can be achieved.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: YI IoT 'com.yunyi.smartcamera' up to 4.1.9_20231127
No auth needed
Prerequisites: YI IoT app installed on the target device · ADB access or a malicious app installed on the same device
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.1
EPSS 0.0048
EPSS Percentile 37.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

Status published
Products (1)
kamivision/yi_iot < 4.1.9_20231127
Published Dec 27, 2023
Tracked Since Feb 18, 2026