{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T21:34:48.159","vulnerabilities":[{"cve":{"id":"CVE-2024-56897","sourceIdentifier":"cve@mitre.org","published":"2025-02-24T16:15:12.463","lastModified":"2025-03-03T20:15:43.540","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset."},{"lang":"es","value":" El control de acceso inadecuado en el servidor HTTP de YI Car Dashcam v3.88 permite descargas y cargas de archivos sin restricciones y comandos API. Los comandos API también se pueden utilizar para realizar modificaciones no autorizadas en la configuración del dispositivo, como deshabilitar la grabación, deshabilitar los sonidos o restablecer los valores de fábrica."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:yitechnology:yi_car_dashcam_firmware:3.88:*:*:*:*:*:*:*","matchCriteriaId":"63900D3F-0040-45DC-9C91-34E968E71E43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:yitechnology:yi_car_dashcam:-:*:*:*:*:*:*:*","matchCriteriaId":"8489067E-ADD1-47A2-B515-256C4B276B17"}]}]}],"references":[{"url":"https://geochen.medium.com/cve-2024-56897-yi-car-dashcam-39304a4b21b4","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/geo-chen/YI-Smart-Dashcam/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://yitechnology.com.sg/products/dash-camera/","source":"cve@mitre.org","tags":["Broken Link"]}]}}]}