Critical severity9.8NVD Advisory· Published Feb 24, 2025· Updated Jun 17, 2026
CVE-2024-56897
CVE-2024-56897
Description
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =3.88
Patches
Vulnerability mechanics
References
2- geochen.medium.com/cve-2024-56897-yi-car-dashcam-39304a4b21b4nvdExploitThird Party Advisory
- yitechnology.com.sg/products/dash-camera/nvdBroken Link
News mentions
0No linked articles in our index yet.