CVE-2026-4478

HIGH EPSS 18.9%

Published Mar 20, 20263mo ago · Modified Apr 22, 20262mo ago

8.2 CVSS 4.0

High

Published Mar 20, 2026 3mo ago

Last Modified Apr 22, 2026 2mo ago

Description

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

8.2

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

18.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-345

CWE-347

References 3

vuldb.com https://vuldb.com/?ctiid.351768
vuldb.com https://vuldb.com/?id.351768
vuldb.com https://vuldb.com/?submit.773162

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.