Vulnerability Details
Basic Information
| Title | CVE-2025-29660 |
|---|---|
| Type | cve |
| Published | 2025-04-21T15:16:00 |
| Last Seen | 2025-04-21T15:32:24 |
| CVSS Score | 9.8 (CRITICAL) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-29660 |
|---|---|
| CWE | CWE-22 |
| Bulletin Family | cve |
Description
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.
Impact Assessment
| Base Score | 9.8 |
|---|---|
| Severity | CRITICAL |