CVE-2025-59452
📋 TL;DR
The YoSmart YoLink API uses predictable endpoint URLs derived from device MAC addresses and MD5 hashes of non-secret information, allowing attackers to enumerate and potentially access smart devices. This affects all YoLink smart home devices using the vulnerable API. Attackers could discover and interact with devices they shouldn't have access to.
💻 Affected Systems
- YoLink smart home devices (sensors, hubs, controllers)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete enumeration of all YoLink devices in a region, unauthorized control of smart home devices (lights, locks, sensors), potential physical security compromise.
Likely Case
Discovery of nearby YoLink devices, limited unauthorized interaction with devices, privacy violation through device enumeration.
If Mitigated
Limited impact if devices are behind firewalls with strict network segmentation and API endpoints are not internet-facing.
🎯 Exploit Status
Exploitation requires knowledge of the predictable URL generation algorithm, which has been publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 2025-10-02
Vendor Advisory: https://shop.yosmart.com/pages/sa-2025-001
Restart Required: Yes
Instructions:
1. Check the device firmware version.
2. Update YoLink devices through the YoSmart app or web portal.
3. Ensure all devices are running firmware newer than 2025-10-02.
4. Restart devices after the update.
🔧 Temporary Workarounds
Network Segmentation
Isolate YoLink devices on a separate VLAN or network segment to limit exposure.
Firewall Restrictions
Block external access to YoLink API endpoints at the network perimeter.
🧯 If You Can't Patch
- Segment YoLink devices on isolated network with no internet access
- Implement strict firewall rules to block all inbound connections to YoLink devices
🔍 How to Verify
Check if Vulnerable:
Check if YoLink API endpoints follow predictable patterns using MAC addresses and MD5 hashes starting with cf50.
Check Version:
Check the device firmware version in the YoSmart app or the device web interface.
Verify Fix Applied:
Verify firmware version is newer than 2025-10-02 and test that endpoint URLs are no longer predictable.
📡 Detection & Monitoring
Log Indicators:
- Unusual API endpoint access patterns
- Multiple failed authentication attempts to YoLink endpoints
- Access from unexpected IP addresses to device endpoints
Network Indicators:
- Unusual traffic to YoLink API endpoints
- Patterns of sequential endpoint enumeration
- External IPs accessing internal device endpoints
SIEM Query:
source_ip=external AND dest_port=443 AND url_path CONTAINS "/yolink/" AND (url_path MATCHES "*[0-9a-f]{12}*" OR url_path MATCHES "*cf50*")
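As an added example (not part of this advisory), the SIEM query above rendered in Python and run over constructed access-log lines, extended with a per-source count of distinct device paths to surface the "sequential endpoint enumeration" indicator. The log line format, the RFC 1918 definition of "internal", the sample hash values and the threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample access-log lines (not from the advisory): "src_ip dst_port url_path".
SAMPLE_LOG = """\
203.0.113.7 443 /yolink/device/cf50a1b2c3d4e5f6a7b8c9d0e1f2a3b4
203.0.113.7 443 /yolink/device/cf50a1b2c3d4e5f6a7b8c9d0e1f2a3b5
203.0.113.7 443 /yolink/device/cf50a1b2c3d4e5f6a7b8c9d0e1f2a3b6
203.0.113.7 443 /yolink/device/cf50a1b2c3d4e5f6a7b8c9d0e1f2a3b7
192.168.1.20 443 /yolink/device/cf50a1b2c3d4e5f6a7b8c9d0e1f2a3b4
203.0.113.9 443 /api/status
198.51.100.3 443 /yolink/sensor/d8f15b00aa11/state
"""

# "External" is assumed to mean "not RFC 1918"; adjust to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The two patterns from the SIEM query: a 12-hex-digit (MAC-like) token, or the "cf50" prefix.
DEVICE_TOKEN = re.compile(r"[0-9a-f]{12}|cf50", re.IGNORECASE)


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def matches_query(src_ip: str, dst_port: int, url_path: str) -> bool:
    """Python rendering of the advisory's SIEM query (an assumed translation)."""
    return (is_external(src_ip) and dst_port == 443
            and "/yolink/" in url_path and DEVICE_TOKEN.search(url_path) is not None)


def flag_enumeration(log_text: str, threshold: int = 3) -> dict:
    """Map each external source IP to the number of distinct YoLink device paths it
    requested, keeping only sources at or above `threshold` (assumed value); many
    distinct device paths from one source is the enumeration pattern listed above."""
    distinct_paths = defaultdict(set)
    for line in log_text.splitlines():
        src_ip, dst_port, url_path = line.split()
        if matches_query(src_ip, int(dst_port), url_path):
            distinct_paths[src_ip].add(url_path)
    return {ip: len(paths) for ip, paths in distinct_paths.items() if len(paths) >= threshold}


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))  # {'203.0.113.7': 4}
```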