Security Vulnerability Report
CVE-2026-4477 CVSS 3.1 LOW

Published: 2026-03-20 07:16:14
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. It affects an unknown function of the WPA/WPS component. Manipulation can lead to the use of a hard-coded cryptographic key. The attack can only be carried out from within the local network. The attack is characterized by high complexity, and exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score: 3.1
Severity: LOW
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

YI Home Camera 2 2.1.1_20171024151200

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# PoC for CVE-2026-4477: Hardcoded Cryptographic Key in YI Home Camera 2
# This script demonstrates how one might verify the presence of a hardcoded key
# by checking against a known leaked key from firmware analysis.
import hashlib

# Simulated hardcoded key found in firmware analysis
# In a real scenario, this would be extracted from the binary
KNOWN_HARDCODED_KEY = "YiCameraDefaultSecretKey123"


def check_vulnerability(target_ip):
    """
    Simulates checking if the target device is vulnerable
    by attempting to decrypt a packet using the hardcoded key.
    """
    # target_ip is only printed; nothing is sent to the device
    print(f"[*] Checking target {target_ip} for CVE-2026-4477...")

    # Simulate capturing a handshake or encrypted packet
    # For demonstration, we assume we have captured a hash
    # Placeholder value: it is not a 32-character MD5 digest,
    # so the comparison below never matches
    captured_hash = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd"  # Example hash

    # Check if the hardcoded key produces the expected result
    # (This is a conceptual representation)
    if hashlib.md5(KNOWN_HARDCODED_KEY.encode()).hexdigest() == captured_hash:
        print("[!] Vulnerability Confirmed: Hardcoded key is active.")
        print(f"[+] Key used: {KNOWN_HARDCODED_KEY}")
        return True
    else:
        print("[-] Target does not appear to use the known hardcoded key.")
        return False


if __name__ == "__main__":
    target = "192.168.1.100"  # Example Local IP
    check_vulnerability(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4477", "sourceIdentifier": "[email protected]", "published": "2026-03-20T07:16:14.497", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key\r . The attack can only be done within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue determinada en Yi Technology YI Home Camera 2 2.1.1_20171024151200. Esto afecta una función desconocida del componente WPA/WPS. Ejecutar una manipulación puede llevar al uso de clave criptográfica codificada de forma rígida. El ataque solo puede realizarse dentro de la red local. Este ataque se caracteriza por alta complejidad. La explotabilidad se reporta como difícil. El exploit ha sido divulgado públicamente y puede ser utilizado. 
El proveedor fue contactado tempranamente sobre esta divulgación pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.3, "baseSeverity": "LOW", "attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.1, "baseSeverity": "LOW", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": 
"UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N", "baseScore": 1.8, "accessVector": "ADJACENT_NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 3.2, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-320"}, {"lang": "en", "value": "CWE-321"}]}], "references": [{"url": "https://vuldb.com/?ctiid.351767", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.351767", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.773095", "source": "[email protected]"}]}}