Vulnerability Details CVE-2024-56897
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-56897
-
cpe:2.3:h:yitechnology:yi_car_dashcam:-
-
cpe:2.3:o:yitechnology:yi_car_dashcam_firmware:3.88