6 matches found
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
EUVD-2025-32583
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-59448
CVE-2025-59448 concerns the YoSmart YoLink ecosystem, where components including the YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker communicate over the internet using unencrypted MQTT. The vulnerability arises from insecure transmission, allowing an attacker who can m...
PT-2025-40945
Name of the Vulnerable Software and Affected Versions YoSmart YoLink ecosystem through 2025-10-02 YoLink Hub 0382 YoLink Mobile Application version 1.40.41 YoLink MQTT Broker Description Components of the YoSmart YoLink ecosystem utilize unencrypted MQTT for internet communication. This allows an...