CVE-2026-4475
Hardcoded Credentials in Yi Home Camera 2 Local Network Access
Publication date: 2026-03-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yi_technology | yi_home_camera | 2.1.1_20171024151200 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Yi Technology YI Home Camera 2 version 2.1.1_20171024151200. It involves an unknown function within the file home/web/ipc that leads to the presence of hard-coded credentials. An attacker must have access to the local network to exploit this vulnerability. The exploit has been publicly disclosed, and the vendor did not respond to the disclosure.
How can this vulnerability impact me? :
The vulnerability allows an attacker with local network access to potentially use hard-coded credentials to gain unauthorized access to the device. This can lead to compromise of the camera's security, including unauthorized viewing or control of the camera, which may result in privacy breaches or further network exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know