← voltar
CVE-2025-59452

CVE-2025-59452

CVSS 5.8 MEDIUMEPSS 0.4%CWE-340
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Produtos afetados
YoSmart · YoLink API

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bishopfox.com/blog/advisorieshttps://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-homehttps://shop.yosmart.com/pages/product-supporthttps://shop.yosmart.com/pages/sa-2025-001