CVE-2018-20007
NONE EPSS 38.3%
Published May 16, 20197y ago · Modified Jun 17, 20262w ago
Published May 16, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information.
Threat Intelligence
EPSS Exploit Probability
38.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-732
Affected Products 2
References 2
- forum.yeelight.com https://forum.yeelight.com/
- payatu.com https://payatu.com/yeelight-smart-ai-speaker-responsible-disclosure/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.