Home / Vulnerability Intelligence / CVE-2026-4478

CVE-2026-4478 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 20, 2026

Yi Technology YI Home Camera 2 - Authentication Bypass

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Yi Technology YI Home Camera 2 2.1.1_20171024151200 contains a broken authentication caused by improper verification of cryptographic signature in HTTP Firmware Update Handler, letting remote attackers bypass authentication, exploit requires high attack complexity.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 1.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can bypass authentication, potentially leading to unauthorized access or control of the device.

Mitigation

Update to the latest firmware version provided by the vendor.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 20, 2026

🟠 CVE-2026-4478 - High (8.1) A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryp... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4478/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-4478
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed
EPSS: 1.0%
Social Posts: 1

CWE

CWE-345

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.0%Probability of exploitation in the next 30 days