Vulnerabilities in the Yi Technology Home Camera version 27US have been found. Five of them allow remote compromise of the IoT gadgets, so attackers can intercept video feeds and more. Five flaws in the camera’s firmware open the door to command injection, network authentication bypass and the ability to disable the device. Fixes for all 10 flaws are available in the latest version of the camera s firmware, Cisco Talos researchers said. An attacker can observe and tamper with network traffic using an available packet-sniffer, like Wireshark, to gain administrative access to the camera.
Source: https://threatpost.com/yi-iot-home-camera-riddled-with-code-execution-vulnerabilities/138741/