PT-2025-17668 · Byd · Byd Qin Plus Dm-I Dilink Os

Rainymode · Published 2025-04-23 · Updated 2025-04-28 · CVE-2025-28169

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: BYD QIN PLUS DM-i Dilink OS versions v3.0 13.1.7.2204050.1 through v3.0 13.1.7.2312290.1 0

Description: The issue allows attackers to execute a man-in-the-middle attack because the affected software sends broadcasts to the manufacturer's cloud server unencrypted.

Recommendations: For versions v3.0 13.1.7.2204050.1 through v3.0 13.1.7.2312290.1 0, consider implementing encryption for broadcasts to the cloud server as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2025-28169

Affected Products

Byd Qin Plus Dm-I Dilink Os