CVE-2024-56897 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made…
Critical CVSS: 9.8

CVE-2024-56897

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.
Vendor
Yitechnology
Product
Yi Car Dashcam Firmware
CWE
CWE-434
Yayın Tarihi
2025-02-24 16:15:12
Güncelleme
2025-03-03 20:15:43
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-434 Yi Car Dashcam Firmware CRITICAL Yitechnology 2025

Referanslar

https://geochen.medium.com/cve-2024-56897-yi-car-dashcam-39304a4b21b4 https://github.com/geo-chen/YI-Smart-Dashcam/ https://yitechnology.com.sg/products/dash-camera/