Bluetooth Low Energy (BLE) Authentication Bypass Vulnerability in YI M1 Mirrorless Camera V3.2-cn

Bluetooth Low Energy (BLE) Authentication Bypass Vulnerability in YI M1 Mirrorless Camera V3.2-cn

CVE-2019-13953 · HIGH Severity

AV:A/AC:L/AU:N/C:C/I:C/A:C

An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication.

Learn more about our Web Application Penetration Testing UK.