37 matches found
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
CVE-2025-59447
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
CVE-2025-59451
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59452
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...
EUVD-2025-32580
The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...
EUVD-2025-32584
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
EUVD-2025-32585
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
EUVD-2025-32581
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59447
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
CVE-2025-59451
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-59451
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59447
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
CVE-2025-59451
The connected sources confirm CVE-2025-59451 affects the YoSmart YoLink ecosystem: the YoLink MQTT broker and the YoLink API (through 2025-10-02) use session tokens with unexpectedly long lifetimes, enabling persistent unauthorized access. CISA’s advisory details additional risks tied to this vul...
CVE-2025-59452
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...
CVE-2025-59452
The CVE-2025-59452 entry maps to YoSmart YoLink ecosystem vulnerabilities noted by multiple sources. The YoSmart YoLink MQTT broker (through 2025-10-02) does not enforce sufficient authorization, enabling a cross‑account attack where an attacker with device IDs could remotely operate other users’...
PT-2025-40949
Name of the Vulnerable Software and Affected Versions YoSmart YoLink versions through 2025-10-02 Description The YoSmart YoLink API constructs an endpoint URL using a device's MAC address and an MD5 hash of non-secret information, including a key starting with cf50. The API endpoint is derived fr...
YoSmart YoLink Smart Hub 安全漏洞
The YoSmart YoLink Smart Hub is a smart home hub device from YoSmart USA. A security vulnerability exists in the YoSmart YoLink Smart Hub version 0382, which stems from exposing the UART debugging interface and could lead to the disclosure of network access credentials...