Filtered by vendor Yosmart Subscriptions

Search

Switch to Advanced Search (Beta)
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-59448 1 Yosmart 3 Yolink Hub, Yolink Mobile Application, Yolink Mqtt Broker 2025-10-08 4.7 Medium
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker.
CVE-2025-59447 1 Yosmart 1 Yolink Smart Hub 2025-10-08 2.2 Low
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials.
CVE-2025-59451 1 Yosmart 1 Yolink Application 2025-10-08 3.5 Low
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.
CVE-2025-59450 1 Yosmart 1 Yolink Smart Hub 2025-10-08 4.3 Medium
The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.
CVE-2025-59452 1 Yosmart 1 Yolink Api 2025-10-08 5.8 Medium
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50.
CVE-2025-59449 1 Yosmart 1 Yolink Mqtt Broker 2025-10-08 4.9 Medium
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacker can exploit this to gain full control over any other YoLink user's devices.