LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-4475

CVE-2026-4475 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 20, 2026

Yi Technology YI Home Camera 2 - Hardcoded Credentials

Published: March 20, 2026Updated: March 20, 2026

Overview

Yi Technology YI Home Camera 2 2.1.1_20171024151200 contains a hardcoded credentials vulnerability caused by manipulation of an unknown function in home/web/ipc, letting attackers with local network access gain unauthorized access.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 2.1%(Probability of exploitation in next 30 days)

Impact

Attackers on the local network can gain unauthorized access using hardcoded credentials, compromising device security.

Mitigation

Update to the latest available version or contact vendor for a patch.

References

Social Media Activity(3 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-4475 - High (8.8) A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-4475/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-4475 - High (8.8) A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-4475/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-4475 - High (8.8) A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-4475/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-4475
Severity
High
CVSS Score
8.8
Type
hardcoded_credentials
Status
unconfirmed
EPSS
2.1%
Social Posts
3

CWE

  • CWE-259

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.1%Probability of exploitation in the next 30 days