CVE-2018-20007

NONE EPSS 38.3%
Published May 16, 2019 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information.

Threat Intelligence

EPSS Exploit Probability
38.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-732

Affected Products 2

Vendor    Product                    Version      Range
yeelight  smart_ai_speaker_firmware  3.3.10_0074  any
yeelight  smart_ai_speaker           *            any

References 2

  • forum.yeelight.com https://forum.yeelight.com/
    Vendor Advisory
  • payatu.com https://payatu.com/yeelight-smart-ai-speaker-responsible-disclosure/
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.