Quote:Multiple vulnerabilities were found in Yi Home Camera's firmware allowing potential attackers to execute code remotely via command injection, to bypass authentication, or to completely disable the device.

As detailed in Cisco Talos's advisory, all vulnerabilities have been patched in the latest firmware released by Yi Technology, but unpatched 27US version devices can still be exploited locally and remotely.

The Cisco Talos researchers discovered that while some of the vulnerabilities required attackers to have local access to the Yi Home Camera, the other ones would be exploitable remotely which makes updating the camera's firmware an urgent task to avoid having their devices hacked.