YoSmart/YoLink A.I CyberSecurity Scoring
YoSmart/YoLink
Company Information
Website:https://www.yosmart.com
Employees number:4
Number of followers:279
NAICS:334
Industry Type:Computers and Electronics Manufacturing
Homepage:yosmart.com
YoSmart/YoLink Risk Score (AI oriented)
Between 700 and 749
YoSmart/YoLinkComputers and Electronics Manufacturing
Updated:
27/03/2026
27/03/2026
748/1000
Moderate
Ba
YoSmart/YoLink Global Score (TPRM)
xxxx
YoSmart/YoLinkComputers and Electronics Manufacturing
Score locked

YoSmart/YoLinkModerate
Current Score
748Ba (MODERATE)
01000
1 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748
JUNE 2026
748
MAY 2026
748
APRIL 2026
748
MARCH 2026
748
FEBRUARY 2026
748
JANUARY 2026
752
Vulnerability
13 Jan 2026 • YoSmart/YoLink
Güralp Systems, Rockwell Automation and YoSmart: CISA issues multiple ICS advisories, details DoS vulnerability risk in Rockwell devices used in critical manufacturing
CISA Publishes Advisories on Vulnerabilities in Rockwell Automation and YoSmart Products
747
CRITICAL-5
GURROCYOS1768400893
CISA Issues Critical ICS Advisories for Rockwell Automation and YoSmart Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released three new advisories and updated an existing one on Tuesday, highlighting significant vulnerabilities in industrial control systems (ICS) from Rockwell Automation and YoSmart. The advisories address risks in critical manufacturing and global communications sectors, with potential impacts ranging from denial-of-service (DoS) conditions to unauthorized device control.
### Rockwell Automation Vulnerabilities
1. CVE-2025-9368 (CVSS 7.5)
- Affects Rockwell Automation 432ES-IG3 Series A devices, specifically the GuardLink EtherNet/IP Interface.
- The flaw stems from uncontrolled resource allocation, allowing attackers to trigger a DoS condition requiring a manual power cycle to restore functionality.
- Mitigation: Users should upgrade to V2.001.9 or later; those unable to update should follow Rockwell’s security best practices.
2. CVE-2025-12807 (CVSS 8.8)
- Impacts FactoryTalk DataMosaix Private Cloud (versions 7.11, 8.00, and 8.01).
- The vulnerability involves SQL injection, enabling low-privilege users to execute unauthorized database operations via exposed API endpoints.
- Mitigation: Update to Version 8.01.02 or later.
### YoSmart YoLink Smart Hub Vulnerabilities
Multiple flaws were identified in the YoSmart YoLink ecosystem, affecting the Smart Hub, server, and mobile application (CVE-2025-59448, CVE-2025-59449, CVE-2025-59451, CVE-2025-59452), with a CVSS score of 5.8.
- Exploitation Risks:
- Remote device control of other users’ smart home devices.
- Session hijacking and sensitive data interception due to weak authorization controls and predictable device IDs.
- Cleartext transmission of data via unencrypted MQTT, exposing communications to interception or tampering.
- Long-lived session tokens in the mobile app, increasing the risk of unauthorized access.
- Technical Details:
- The YoLink MQTT broker (through 2025-10-02) lacks sufficient authorization checks, allowing cross-account attacks if device IDs are obtained.
- Device IDs are predictable, enabling attackers to gain control over any YoLink user’s devices.
- API endpoints use MD5 hashing of non-secret data (e.g., MAC addresses), further weakening security.
### CISA’s Recommendations
While no active exploitation has been reported, CISA advises organizations to:
- Minimize network exposure for ICS devices, ensuring they are not internet-accessible.
- Isolate control systems behind firewalls and separate them from business networks.
- Use secure remote access methods, such as updated VPNs, when necessary.
- Conduct risk assessments before deploying defensive measures.
The advisories underscore ongoing risks in ICS environments, particularly in critical infrastructure sectors. Organizations are urged to apply patches and follow CISA’s Defense-in-Depth Strategies for proactive cybersecurity.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
752
NOVEMBER 2025
752
OCTOBER 2025
752
SEPTEMBER 2025
752
AUGUST 2025
752
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for YoSmart/YoLink ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in June 2026 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in May 2026 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in April 2026 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in March 2026 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in February 2026 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in January 2026 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in December 2025 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in November 2025 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in October 2025 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in September 2025 ??
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on YoSmart/YoLink's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with YoSmart/YoLink ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view YoSmart/YoLink's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?