Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

April 22, 2025

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Security researcher Yassine Damiri has uncovered two critical vulnerabilities in the Yi IOT XY-3820 smart camera, posing significant security risks. Both flaws, rated CVSS 9.8, allow unauthenticated a …

Published Date:
Apr 23, 2025 (1 hour, 2 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-29660

CVE-2025-29659

CVE-2025-25427

Source: Read More

Previous ArticleStored XSS Flaw in TP-Link WR841N Routers Could Expose Admin Credentials (CVE-2025-25427)

Next Article Zyxel Patches High-Severity Security Flaws in USG FLEX H Firewalls

Highlights

CVE-2025-5505 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability in Virtual Server Page

June 3, 2025

CVE ID : CVE-2025-5505

Published : June 3, 2025, 3:16 p.m. | 17 minutes ago

Description : A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

YouTube app for Xbox, PlayStation, and Smart TVs gets a refreshing update that fixes a frustrating flaw

April 29, 2025

Top 5 Scariest Zombie Botnets

April 9, 2025

Google Launches Gemini 2.5 Pro I/O: Outperforms GPT-4 in Coding, Supports Native Video Understanding and Leads WebDev Arena

May 8, 2025

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

Dune: Awakening is already making big waves before it’s even fully released

MSI Claw owners need to grab this Intel Arc GPU driver update to fix an irritating audio bug on their Windows 11 handhelds

PC Gaming Show returns June 8 — here’s when and how to watch the show

You can now buy two Nintendo Switch 2 consoles for the price of one ROG Ally X

Master Image Processing in Node.js Using Sharp for Fast Web Apps

Master Image Processing in Node.js Using Sharp for Fast Web Apps

mkocansey/bladewind

Handling PostgreSQL Migrations in Node.js

Windows 11’s Android (WSA) finally loses support, but can you still install it?

Windows 11’s Android (WSA) finally loses support, but can you still install it?

Sitegen is a simple but flexible static site generator

Nephele is a pluggable WebDAV server

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Xbox and Microsoft reveal global price increases for consoles, accessories — and even games

NVIDIA Fixes High-Severity Vulnerability in TensorRT-LLM

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

Microsoft Teams to block “unauthorized screen captures” — This new Prevent Screen Capture tool improves your privacy

CVE-2025-5505 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability in Virtual Server Page

YouTube app for Xbox, PlayStation, and Smart TVs gets a refreshing update that fixes a frustrating flaw

Top 5 Scariest Zombie Botnets

Google Launches Gemini 2.5 Pro I/O: Outperforms GPT-4 in Coding, Supports Native Video Understanding and Leads WebDev Arena

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Related Posts