CVE-2026-4478

HIGH 8.1

Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

1th

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-347 CWE-345
Vendor	yi technology
Product	yi home camera
Published	Mar 20, 2026
Last Updated	Mar 20, 2026

Stay Ahead of the Next One

Get instant alerts for yi technology yi home camera

Be the first to know when new high vulnerabilities affecting yi technology yi home camera are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Yi Technology / YI Home Camera

2 2.1.1_20171024151200

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.351768 vuldb.com: https://vuldb.com/?ctiid.351768 vuldb.com: https://vuldb.com/?submit.773162

Credits

🔍 0rbitingZer0 (VulDB User) VulDB