Vulnerability Details CVE-2018-20007
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.1%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
Products affected by CVE-2018-20007
-
cpe:2.3:h:yeelight:smart_ai_speaker:-
-
cpe:2.3:o:yeelight:smart_ai_speaker_firmware:3.3.10_0074