Browse all 4 CVE security advisories affecting Yi Technology. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Yi Technology develops smart surveillance cameras and IoT devices for residential and commercial security. Their products have historically been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from inadequate input validation and weak authentication mechanisms. The company has faced scrutiny for multiple security incidents, including four publicly disclosed CVEs that allowed unauthorized access and device compromise. These vulnerabilities typically expose users to potential surveillance hijacking and data breaches due to unpatched firmware and default credentials. Security researchers have criticized the company's slow patch response times and lack of secure coding practices in their connected ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4478 | Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification — YI Home CameraCWE-347 | 8.1 | High | 2026-03-20 |
| CVE-2026-4477 | Yi Technology YI Home Camera WPA/WPS hard-coded key — YI Home CameraCWE-321 | 3.1 | Low | 2026-03-20 |
| CVE-2026-4476 | Yi Technology YI Home Camera CGI Endpoint ipc missing authentication — YI Home CameraCWE-306 | 6.3 | Medium | 2026-03-20 |
| CVE-2026-4475 | Yi Technology YI Home Camera ipc hard-coded credentials — YI Home CameraCWE-798 | 8.8 | High | 2026-03-20 |
This page lists every published CVE security advisory associated with Yi Technology. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.