CVE-2024-56897
CRITICAL 9.8
Description
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be issued to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, or performing a factory reset.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/24/2025
Last modified: 3/3/2025
Source: nvd
Honeypot sightings: 0
Affected products
yitechnology:yi_car_dashcam
yitechnology:yi_car_dashcam_firmware
Weaknesses (CWE)
CWE-434
References
https://github.com/geo-chen/YI-Smart-Dashcam/ (cve@mitre.org)
https://yitechnology.com.sg/products/dash-camera/ (cve@mitre.org)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.