CVE-2026-4476

MEDIUM 6.3

Yi Technology YI Home Camera CGI Endpoint ipc missing authentication

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

6th

A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-306 CWE-287
Vendor	yi technology
Product	yi home camera
Published	Mar 20, 2026
Last Updated	Mar 20, 2026

Stay Ahead of the Next One

Get instant alerts for yi technology yi home camera

Be the first to know when new medium vulnerabilities affecting yi technology yi home camera are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Yi Technology / YI Home Camera

2 2.1.1_20171024151200

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.351766 vuldb.com: https://vuldb.com/?ctiid.351766 vuldb.com: https://vuldb.com/?submit.773070

Credits

🔍 0rbitingZer0 (VulDB User) VulDB