CVE-2025-29660 – Yi IOT XY-3820 Remote Code Execution Vulnerability

April 21, 2025

CVE ID : CVE-2025-29660

Published : April 21, 2025, 3:16 p.m. | 2 hours, 1 minute ago

Description : A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-29659 – Yi IOT XY-3820 Remote Command Execution Vulnerability

Next Article CVE-2025-29287 – MCMS Ueditor Unrestricted File Upload Vulnerability

Highlights

CVE-2025-5748 – WOLFBOX Level 2 EV Charger Remote Code Execution Vulnerability

June 6, 2025

CVE ID : CVE-2025-5748

Published : June 6, 2025, 4:15 p.m. | 1 hour, 44 minutes ago

Description : WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

What You Need to Know About CSS Color Interpolation

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

CVE-2025-29660 – Yi IOT XY-3820 Remote Code Execution Vulnerability

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

OBS Studio 31.1 is now stable with key Linux upgrades, WoA support, and more

CVE-2025-35975 – MicroDicom DICOM Viewer Out-of-Bounds Write RCE

DeepSeek-AI Released DeepSeek-Prover-V2: An Open-Source Large Language Model Designed for Formal Theorem, Proving through Subgoal Decomposition and Reinforcement Learning

Looking for an AI-powered website builder? Here’s your best option in 2025

CVE-2025-5748 – WOLFBOX Level 2 EV Charger Remote Code Execution Vulnerability

Cyber Brief 25-05 – April 2025

FreedomBox – Debian-based distribution

CVE-2025-20216 – Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)

CVE-2025-29660 – Yi IOT XY-3820 Remote Code Execution Vulnerability

Related Posts