25 matches found
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-59447
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
EUVD-2025-32580
The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...
EUVD-2025-32584
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
EUVD-2025-32581
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59451
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59447
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-59449
The YoSmart YoLink MQTT broker and ecosystem components through 2025-10-02 contain multiple concrete issues: (1) insufficient authorization controls allow cross-account attack if an attacker learns device IDs, potentially enabling remote control of other users’ devices; (2) YoLink device IDs are ...
PT-2025-40947
Name of the Vulnerable Software and Affected Versions YoSmart YoLink Smart Hub firmware version 0382 Description The YoSmart YoLink Smart Hub firmware version 0382 is unencrypted. Data extracted from the device can be used to determine network access credentials. Recommendations At the moment,...
YoSmart YoLink MQTT broker 安全漏洞
YoSmart YoLink MQTT broker is a messaging proxy server from YoSmart USA. A security vulnerability exists in YoSmart YoLink MQTT broker version 2025-10-02 and earlier, which stems from insufficient authorization controls and could lead to cross-account attacks...
CVE-2025-59450
The CVE-2025-59450 entry concerns YoSmart YoLink Smart Hub firmware 0382 (unencrypted). The documented impact is that data extracted from the device could be used to determine network access credentials, exposing confidentiality. No exploitation details are provided in the supplied documents. Rem...
CVE-2025-59450
The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...
CVE-2025-59451
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59447
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-59450
The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...
YoSmart YoLink Smart Hub 安全漏洞
YoSmart YoLink Smart Hub is a smart home hub device from YoSmart USA. A security vulnerability exists in YoSmart YoLink Smart Hub version 0382, which stems from unencrypted firmware and could lead to the disclosure of network access credentials...
CVE-2025-59447
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...