CVE-2025-59447

Published: Oct 6, 2025Modified: Oct 8, 2025

2.2

Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Exploitability: 0.5 / Impact: 1.4

Source: MITRE (Secondary)

Description

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials.

Related CWEs

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (3)

https://bishopfox.com/blog/advisories

Source: cve@mitre.org

https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home

Source: cve@mitre.org

https://shop.yosmart.com/pages/product-support

Source: cve@mitre.org

Timeline

No history available yet.