CVE-2026-4478 in YI Home Camera
Summary
by MITRE • 03/20/2026
A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. It affects an unknown function of the file home/web/ipc in the HTTP Firmware Update Handler component. Manipulation leads to improper verification of a cryptographic signature. The attack can be carried out remotely. The attack complexity is rather high, and exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 03/26/2026
This vulnerability resides within the Yi Technology YI Home Camera 2 firmware version 2.1.1_20171024151200 affecting the HTTP Firmware Update Handler component. The specific flaw occurs in the home/web/ipc file where cryptographic signature verification mechanisms fail to properly validate firmware updates. This represents a critical security weakness that allows attackers to bypass authentication and authorization controls during the firmware update process. The vulnerability's impact extends beyond simple access control as it potentially enables arbitrary code execution through malicious firmware payloads that can be silently installed on affected devices.
The technical nature of this flaw falls under CWE-327, which addresses the use of weak or broken cryptographic algorithms, and CWE-328, which covers the use of weak hash functions. The improper verification of cryptographic signatures creates a pathway for attackers to manipulate firmware update files without detection, as the system fails to validate the authenticity and integrity of the update content. This weakness directly relates to the ATT&CK framework's T1072 technique for "Software Deployment Tools" and T1547.001 for "Registry Run Keys / Startup Folder" as compromised firmware could establish persistent backdoors or modify system behavior. The high attack complexity stems from requiring both network access to the device and the ability to craft valid signature bypasses, though the public availability of exploit code significantly reduces the barrier to exploitation.
The operational impact of this vulnerability is severe for end users who rely on these security cameras for home monitoring and surveillance. Attackers can remotely install malicious firmware that may provide persistent access to the device, enable data exfiltration, or create botnet capabilities. The lack of vendor response to early disclosure attempts suggests a potential security gap in the device's support lifecycle, leaving users vulnerable for extended periods without official patches.
This vulnerability affects the fundamental security model of the device, as it undermines the trust that should exist between the device manufacturer and end users. The publicly available exploit increases the risk profile significantly, as it allows even less technically skilled attackers to compromise these devices. Organizations and individuals using these cameras face potential privacy violations, unauthorized surveillance access, and possible network compromise through the device as a foothold. The remote attack vector means that even users who do not actively interact with their camera's web interface remain at risk, as the vulnerability can be exploited through network-based attacks without requiring physical access or specialized local network knowledge.