CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Yasha-ops/RCE-YiIOT	Exploit Vendor Advisory
https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29660	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:yiiot:xy-3820_firmware:6.0.24.10:*:*:*:*:*:*:*

cpe:2.3:h:yiiot:xy-3820:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-21 15:16

Updated : 2025-06-23 13:40

NVD link : CVE-2025-29660

Mitre link : CVE-2025-29660

CVE.ORG link : CVE-2025-29660

JSON object : View

Products Affected

yiiot

xy-3820
xy-3820_firmware

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-29660", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-04-21T15:16:00.297", "references": [{"url": "https://github.com/Yasha-ops/RCE-YiIOT", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29660", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques."}, {"lang": "es", "value": "Existe una vulnerabilidad en el proceso daemon del Yi IOT XY-3820 v6.0.24.10 que expone un servicio TCP en el puerto 6789. Este servicio carece de una validaci\u00f3n de entrada adecuada, lo que permite a los atacantes ejecutar scripts arbitrarios presentes en el dispositivo mediante el env\u00edo de solicitudes TCP especialmente manipuladas mediante t\u00e9cnicas de directory traversal."}], "lastModified": "2025-06-23T13:40:34.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yiiot:xy-3820_firmware:6.0.24.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A0DD4EB-C004-4D32-93E0-56F3FF8CB9D7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yiiot:xy-3820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "443B37BC-189E-49AE-AF42-FA466C042C3F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}