CVE-2025-29660 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validat…
Critical CVSS: 9.8

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.
Vendor
Yiiot
Product
Xy-3820 Firmware
CWE
CWE-22
Yayın Tarihi
2025-04-21 15:16:00
Güncelleme
2025-06-23 13:40:34
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-22 Xy-3820 Firmware CRITICAL Yiiot 2025

Referanslar

https://github.com/Yasha-ops/RCE-YiIOT https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29660