Unrated severityNVD Advisory· Published May 16, 2019· Updated Aug 5, 2024
CVE-2018-20007
CVE-2018-20007
Description
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Yeelight/Smart AI Speakerdescription
- Range: = 3.3.10_0074
Patches
Vulnerability mechanics
References
2- forum.yeelight.commitrex_refsource_MISC
- payatu.com/yeelight-smart-ai-speaker-responsible-disclosure/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.