YI Smart Dash Camera

CVE-2024–56897

Vulnerable Model

YI Smart Dash Camera
Firmware v3.88
Reference: https://yitechnology.com.sg/products/dash-camera/

Unrestricted HTTP server for file downloads, uploads, and API commands

Once connected to a YI Car Dashcam using default/weak credentials, the http server is open for direct access without further authentication. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.

http server with unrestricted downloads

scripted dump of all recordings

scripted change of camera settings

upload function open

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

YI Smart Dash Camera

Vulnerable Model

Unrestricted HTTP server for file downloads, uploads, and API commands

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

YI Smart Dash Camera

Vulnerable Model

Unrestricted HTTP server for file downloads, uploads, and API commands

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Packages