An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 18.104.22.168D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.
published: 2. 11. 2018