Lucene search
K

37 matches found

RedhatCVE
RedhatCVE
added 2025/10/07 11:13 p.m.7 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS6.7AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/07 2:6 a.m.23 views

CVE-2025-59447

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...

2.2CVSS6.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/07 2:6 a.m.8 views

CVE-2025-59452

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

5.8CVSS6.8AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/07 2:6 a.m.6 views

CVE-2025-59451

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS6.9AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/07 2:6 a.m.11 views

CVE-2025-59449

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS7.1AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/06 9:30 p.m.23 views

EUVD-2025-32585

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...

2.2CVSS6AI score0.00168EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/06 9:30 p.m.6 views

EUVD-2025-32580

The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...

4.3CVSS6.4AI score0.00103EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/06 9:30 p.m.7 views

EUVD-2025-32584

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS6.6AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/06 9:30 p.m.4 views

EUVD-2025-32581

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS6.5AI score0.00299EPSS
Exploits0References4
NVD
NVD
added 2025/10/06 8:15 p.m.7 views

CVE-2025-59449

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS0.0027EPSS
Exploits0References4
NVD
NVD
added 2025/10/06 8:15 p.m.5 views

CVE-2025-59451

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS0.00299EPSS
Exploits0References4
NVD
NVD
added 2025/10/06 8:15 p.m.56 views

CVE-2025-59447

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...

2.2CVSS0.00168EPSS
Exploits0References3
NVD
NVD
added 2025/10/06 8:15 p.m.12 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS0.00173EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/06 12:0 a.m.3 views

CVE-2025-59451

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS6.6AI score0.00299EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/06 12:0 a.m.3 views

CVE-2025-59449

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS6.8AI score0.0027EPSS
Exploits0References4
CVE
CVE
added 2025/10/06 12:0 a.m.16 views

CVE-2025-59452

The CVE-2025-59452 entry maps to YoSmart YoLink ecosystem vulnerabilities noted by multiple sources. The YoSmart YoLink MQTT broker (through 2025-10-02) does not enforce sufficient authorization, enabling a cross‑account attack where an attacker with device IDs could remotely operate other users’...

5.8CVSS6.5AI score0.00423EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.11 views

YoSmart YoLink API 安全漏洞

The YoSmart YoLink API is a smart home management interface from YoSmart USA. A security vulnerability exists in the YoSmart YoLink API that stems from the use of endpoint URLs based on device MAC addresses and MD5 hashes, which could lead to information disclosure...

5.8CVSS6.6AI score0.00423EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.10 views

PT-2025-40947

Name of the Vulnerable Software and Affected Versions YoSmart YoLink Smart Hub firmware version 0382 Description The YoSmart YoLink Smart Hub firmware version 0382 is unencrypted. Data extracted from the device can be used to determine network access credentials. Recommendations At the moment,...

4.3CVSS6.4AI score0.00103EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.6 views

YoSmart YoLink MQTT broker 安全漏洞

YoSmart YoLink MQTT broker is a messaging proxy server from YoSmart USA. A security vulnerability exists in YoSmart YoLink MQTT broker version 2025-10-02 and earlier, which stems from insufficient authorization controls and could lead to cross-account attacks...

4.9CVSS6.8AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.4 views

YoSmart YoLink Application 安全漏洞

YoSmart YoLink Application is a smart home management application from YoSmart USA. A security vulnerability exists in YoSmart YoLink Application version 2025-10-02 and earlier, which stems from a session token lifecycle that is too long...

3.5CVSS7AI score0.00299EPSS
Exploits0References4
Rows per page
Query Builder