What is the severity of CVE-2024-56897?

The severity of CVE-2024-56897 is high due to improper access control allowing unauthorized actions on the YI Car Dashcam.

How do I fix CVE-2024-56897?

To fix CVE-2024-56897, it is recommended to update the YI Car Dashcam to the latest firmware version that addresses this vulnerability.

What are the risks associated with CVE-2024-56897?

The risks associated with CVE-2024-56897 include unauthorized file downloads, uploads, and modifications to device settings.

Which versions of YI Car Dashcam are affected by CVE-2024-56897?

CVE-2024-56897 specifically affects YI Car Dashcam firmware version 3.88.

What type of access does CVE-2024-56897 exploit?

CVE-2024-56897 exploits improper access control in the HTTP server to allow unrestricted access to API commands.

Vulnerability/
CVE-2024-56897

critical

9.8

CWE

434

24/2/2025

3/3/2025

CVE-2024-56897: Malicious File Upload

First published: Mon Feb 24 2025(Updated: )

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Yitechnology Yi Car Dashcam
All of
Yitechnology Yi Car Dashcam Firmware	=3.88
Yitechnology Yi Car Dashcam

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-56897?
The severity of CVE-2024-56897 is high due to improper access control allowing unauthorized actions on the YI Car Dashcam.
How do I fix CVE-2024-56897?
To fix CVE-2024-56897, it is recommended to update the YI Car Dashcam to the latest firmware version that addresses this vulnerability.
What are the risks associated with CVE-2024-56897?
The risks associated with CVE-2024-56897 include unauthorized file downloads, uploads, and modifications to device settings.
Which versions of YI Car Dashcam are affected by CVE-2024-56897?
CVE-2024-56897 specifically affects YI Car Dashcam firmware version 3.88.
What type of access does CVE-2024-56897 exploit?
CVE-2024-56897 exploits improper access control in the HTTP server to allow unrestricted access to API commands.

collector/mitre-cve
source/MITRE
agent/author
agent/first-publish-date
agent/source
agent/type
agent/references
agent/description
agent/weakness
agent/last-modified-date
agent/severity
agent/event
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/yi
canonical/yitechnology yi car dashcam
vendor/yitechnology
canonical/yitechnology yi car dashcam firmware
version/yitechnology yi car dashcam firmware/3.88

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.