ГлавнаяУязвимости → CVE-2024-56897
9.8критическая

CVE-2024-56897

Описание

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.

Затрагиваемое ПО
Yitechnology Yi car dashcam firmwareYitechnology Yi car dashcam
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://geochen.medium.com/cve-2024-56897-yi-car-dashcam-39304a4b21b4https://github.com/geo-chen/YI-Smart-Dashcam/https://yitechnology.com.sg/products/dash-camera/