{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4477", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-19T20:46:27.311Z", "datePublished": "2026-03-20T07:02:10.470Z", "dateUpdated": "2026-03-20T15:45:32.782Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T07:02:10.470Z"}, "title": "Yi Technology YI Home Camera WPA/WPS hard-coded key", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-321", "lang": "en", "description": "Use of Hard-coded Cryptographic Key"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-320", "lang": "en", "description": "Key Management Error"}]}], "affected": [{"vendor": "Yi Technology", "product": "YI Home Camera", "versions": [{"version": "2 2.1.1_20171024151200", "status": "affected"}], "modules": ["WPA/WPS"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key\r . The attack can only be done within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.8, "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-19T21:51:41.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "0rbitingZer0 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.351767", "name": "VDB-351767 | Yi Technology YI Home Camera WPA/WPS hard-coded key", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.351767", "name": "VDB-351767 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773095", "name": "Submit #773095 | yitechnology YI Home Camera 2 2.1.1_20171024151200 Hardcoded WPA/WPS", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T15:45:22.880805Z", "id": "CVE-2026-4477", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T15:45:32.782Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4477", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T15:45:22.880805Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T15:45:28.584Z"}}], "cna": {"title": "Yi Technology YI Home Camera WPA/WPS hard-coded key", "credits": [{"lang": "en", "type": "reporter", "value": "0rbitingZer0 (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.8, "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Yi Technology", "modules": ["WPA/WPS"], "product": "YI Home Camera", "versions": [{"status": "affected", "version": "2 2.1.1_20171024151200"}]}], "timeline": [{"lang": "en", "time": "2026-03-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-19T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-19T21:51:41.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.351767", "name": "VDB-351767 | Yi Technology YI Home Camera WPA/WPS hard-coded key", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.351767", "name": "VDB-351767 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773095", "name": "Submit #773095 | yitechnology YI Home Camera 2 2.1.1_20171024151200 Hardcoded WPA/WPS", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key\r . The attack can only be done within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "Use of Hard-coded Cryptographic Key"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-320", "description": "Key Management Error"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T07:02:10.470Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4477", "state": "PUBLISHED", "dateUpdated": "2026-03-20T15:45:32.782Z", "dateReserved": "2026-03-19T20:46:27.311Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-20T07:02:10.470Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key\r . The attack can only be done within the local network. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-4477", "lastModified": "2026-03-20T13:37:50.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-20T07:16:14.497", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351767"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351767"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.773095"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-320"}, {"lang": "en", "value": "CWE-321"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2 2.1.1_20171024151200"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "YI Home Camera", "source": "cna", "vendor": "Yi Technology"}, "product": "yi_home_camera", "vendor": "yitechnology"}], "analysis": {"en": {"generated_at": "2026-03-20T08:50:55.651869+00:00", "value": {"mitigation_remediation": ["Check for and install any consensus firmware updates from Yi Technology that address the hard\u2011coded key issue.", "If no update is available, isolate the camera from critical network segments or place it on a dedicated VLAN.", "If the camera provides an option, disable WPS functionality to reduce the attack surface related to the vulnerable component.", "Monitor the local network for unusual activity that may indicate exploitation attempts.", "Verify that the camera\u2019s WPA configuration uses a unique, user\u2011defined key and replace the default key if necessary."], "summary": {"action": "Assess Impact", "impact": "Use of Hard\u2011coded Cryptographic Key"}, "threat_synthesis": {"affected_systems": "The affected product is Yi Technology YI Home Camera 2, specifically firmware version 2.1.1_20171024151200. No other versions are listed as affected in the data.", "description_and_impact": "A flaw was identified in the WPA/WPS component of the Yi Technology YI Home Camera 2. The vulnerability is triggered by executing a manipulation that causes the device to use a hard\u2011coded cryptographic key. The CVE description states that this action can lead to the use of the hard\u2011coded key but does not explicitly describe additional effects such as data decryption or unauthorized access.", "risk_and_exploitability": "This exploit requires local network access, entails high complexity and is reported as difficult to execute. The CVSS score is 2.3, EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The combination of local\u2011only attack surface, high complexity, and low severity score indicates a low to moderate overall risk, contingent on network segregation and device exposure."}}}}, "created": "2026-03-20T10:36:57.330349+00:00", "updated": "2026-03-20T16:27:59.982934+00:00", "vendors": ["yitechnology", "yitechnology$PRODUCT$yi_home_camera"]}