First published: Fri Sep 06 2019(Updated: )
An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xiaoyi Yi M1 Mirrorless Camera Firmware | =3.2-cn | |
Xiaoyi Yi M1 Mirrorless Camera |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-13953.
CVE-2019-13953 has a severity level of 8.8, which is considered high.
The affected software for CVE-2019-13953 is the Xiaoyi Yi M1 Mirrorless Camera Firmware version 3.2-cn.
An attacker can exploit CVE-2019-13953 by sending a set of Bluetooth Low Energy (BLE) commands to trigger an authentication bypass vulnerability in the Yi M1 Mirrorless Camera, resulting in sensitive data leakage.
At the time of writing, there is no information available about a patch or fix for CVE-2019-13953. It is recommended to follow the guidance provided by the vendor or the relevant security advisories.