{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T12:14:38.940","vulnerabilities":[{"cve":{"id":"CVE-2018-3900","sourceIdentifier":"talos-cna@cisco.com","published":"2018-11-01T15:29:00.237","lastModified":"2024-11-21T04:06:15.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad de escaneo de códigos QR de Yi Home Camera 27US 1.8.7.0D. Un código QR especialmente manipulado puede provocar un desbordamiento de búfer que resulta en la ejecución de código. Un atacante puede hacer que la cámara escanee un código QR para provocar esta vulnerabilidad. Por otro lado, se podría convencer a un usuario para que muestre un código QR desde Internet a su cámara, lo que podría explotar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:yitechnology:yi_home_camera_firmware:1.8.7.0d:*:*:*:*:*:*:*","matchCriteriaId":"B11F5A23-96F7-4FC9-B5DB-FC1D9F5C00C6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:yitechnology:yi_home_camera:-:*:*:*:*:*:*:*","matchCriteriaId":"D317FA89-351E-4921-B72B-4EC3FFA18791"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yitechnology:yi_home:-:*:*:*:*:*:*:*","matchCriteriaId":"393CCEBE-0D15-4B2D-A147-FE9F4FCA4228"}]}]}],"references":[{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0572","source":"talos-cna@cisco.com","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0572","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}}]}