Vulnerabilidades en YoSmart
6 resultadosCVE-2025-59452MEDIUMThe YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secEPSS 0.4%CVE-2025-59451LOWThe YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.EPSS 0.3%CVE-2025-59449MEDIUMThe YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowEPSS 0.3%CVE-2025-59448MEDIUMComponents of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with tEPSS 0.2%CVE-2025-59447LOWThe YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interfaceEPSS 0.2%CVE-2025-59450MEDIUMThe YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.EPSS 0.1%