PT-2025-40945 · Yosmart · Yolink Hub+2
Nicholas Cerne
·
Publicado
2025-10-06
·
Atualizado
2025-10-07
·
CVE-2025-59448
CVSS v3.1
4.7
Média
| Vetor | AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
YoSmart YoLink ecosystem through 2025-10-02
YoLink Hub 0382
YoLink Mobile Application version 1.40.41
YoLink MQTT Broker
Description
Components of the YoSmart YoLink ecosystem utilize unencrypted MQTT for internet communication. This allows an attacker monitoring network traffic to potentially obtain sensitive information or manipulate traffic to control devices. MQTT (Message Queuing Telemetry Transport) is a lightweight messaging protocol often used in IoT devices.
Recommendations
Update YoLink Hub to a version after 2025-10-02.
Update YoLink Mobile Application to a version after 2025-10-02.
Update YoLink MQTT Broker to a version after 2025-10-02.
Correção
Cleartext Transmission of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Yolink Hub
Yolink Mqtt Broker
Yolink Mobile Application