CVE-2026-4475

HIGH

Yi Technology YI Home Camera ipc hard-coded credentials

Title source: cna

Description

A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

[Vdb Entry] https://vuldb.com/?id.351765

[Signature, Permissions Required] https://vuldb.com/?ctiid.351765

[Third Party Advisory] https://vuldb.com/?submit.772996

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 7.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

Yi Technology/YI Home Camera 2 2.1.1_20171024151200

Published Mar 20, 2026

Tracked Since Mar 20, 2026