Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

yeelight

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-8210
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-26 Jul, 2025 | 20:32
Updated-26 Aug, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yeelink Yeelight App com.yeelight.cherry AndroidManifest.xml improper export of android application components

A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-yeelightYeelink
Product-yeelight_classicYeelight App
CWE ID-CWE-926
Improper Export of Android Application Components
CVE-2023-42189
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.93%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 00:00
Updated-26 Nov, 2024 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

Action-Not Available
Vendor-yeelightgoveetaposwitchbotoreinnanoleafeven/aTP-Link Systems Inc.Philips
Product-hub2_firmwarelightstripsmart_lampmini_smart_wi-fi_plughue_bridge_firmwarehue_bridgehub2smart_plug_firmwareled_stripsmart_bulbled_strip_firmwareeve_door_and_windowsmart_lamp_firmwaremini_smart_wi-fi_plug_firmwareeve_door_and_window_firmwaresmart_pluglightstrip_firmwaresmart_bulb_firmwaren/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-20007
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 11.59%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:08
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information.

Action-Not Available
Vendor-yeelightn/a
Product-smart_ai_speaker_firmwaresmart_ai_speakern/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource