CVE-2024-56897

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to download/upload files and execute API commands on YI Car Dashcam devices. Attackers can disable recording, turn off sounds, factory reset devices, and potentially access sensitive footage. All users of affected YI Car Dashcam devices are at risk.

💻 Affected Systems

Products:
  • YI Car Dashcam
Versions: v3.88 and likely earlier versions
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The HTTP server runs by default on port 80 with no authentication required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover allowing attackers to disable security features, access private footage, upload malicious firmware, and render the dashcam useless.

🟠 Likely Case

Unauthorized access to recorded footage, disabling of recording functions, and potential privacy violations.

🟢 If Mitigated

Limited impact if network segmentation prevents external access and devices are behind firewalls.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly attacked without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or malware on the same network can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests can trigger the vulnerability. Proof-of-concept code is publicly available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://yitechnology.com.sg/products/dash-camera/

Restart Required: No

Instructions:

No official patch available. Contact YI Technology for firmware updates and check their website for security advisories.

🔧 Temporary Workarounds

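Network Segmentation (Platform: all)

Isolate dashcam devices on a separate VLAN or network segment to prevent external access.

Firewall Rules (Platform: linux)

Block inbound connections to dashcam HTTP server (port 80) from untrusted networks. The rule below is installed in the INPUT chain, which filters only traffic addressed to the host it runs on, and it drops port 80 from every source; on a Linux gateway in front of the dashcam, forwarded traffic is filtered in the FORWARD chain instead.

iptables -A INPUT -p tcp --dport 80 -j DROP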

🧯 If You Can't Patch

  • Disconnect dashcam from internet/Wi-Fi and use only local storage
  • Physically disconnect device when not in use or park in secure locations

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[dashcam-ip]/api/status without authentication. If it returns device information, the device is vulnerable.

Check Version:

Check the device settings menu, or access http://[dashcam-ip]/api/status, for the firmware version.

Verify Fix Applied:

Check that authentication is now required for API endpoints and file access. Unauthenticated access attempts should fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to /api/ endpoints
  • Multiple failed authentication attempts, if logging is enabled
  • File download/upload activity

Network Indicators:

  • HTTP requests to dashcam port 80 from external IPs
  • Unusual API command patterns
  • File transfer activity to/from dashcam

SIEM Query:

source_ip=external AND dest_port=80 AND (uri_path CONTAINS "/api/" OR uri_path CONTAINS "/download/")
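
The SIEM query above, worked through as an added example (not part of the original advisory or any vendor tooling): a small Python filter that applies the same three conditions to gateway log lines. The log layout, the trusted network list, the sample addresses and the file name are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: networks treated as trusted; any other source counts as "external".
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WATCHED_PATHS = ("/api/", "/download/")  # path fragments from the SIEM query
DASHCAM_PORT = 80

# Assumed log layout: src_ip dst_ip:dst_port "METHOD uri HTTP/x" status
LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<dst>[\d.]+):(?P<port>\d+) '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})$')

# Constructed sample lines (documentation address ranges, made-up file name).
SAMPLE_LOG = """\
203.0.113.7 192.168.1.50:80 "GET /api/status HTTP/1.1" 200
192.168.1.23 192.168.1.50:80 "GET /api/status HTTP/1.1" 200
198.51.100.9 192.168.1.50:80 "GET /download/clip0001.mp4 HTTP/1.1" 200
203.0.113.7 192.168.1.50:443 "GET /api/status HTTP/1.1" 200
203.0.113.7 192.168.1.50:80 "GET /index.html HTTP/1.1" 200
truncated line without the expected fields
"""

def is_external(ip_text):
    """True when the address lies outside every trusted network."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in TRUSTED_NETS)

def find_hits(log_text):
    """Return (src, dst, method, path, status) for each line matching the query."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        try:
            external = is_external(m["src"])
        except ValueError:
            continue  # source field is not an IP address
        path = m["uri"].split("?", 1)[0]  # match on the path, not the query string
        if (external and int(m["port"]) == DASHCAM_PORT
                and any(p in path for p in WATCHED_PATHS)):
            hits.append((m["src"], m["dst"], m["method"], path, int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print("ALERT", *hit)
```

Set TRUSTED_NETS to your own address plan and adapt LINE_RE to the log source you actually collect.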
