Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
YoSmart/YoLink

YoSmart/YoLink Vendor Cyber Rating & Cyber Score

yosmart.com

YoLink, by YoSmart, a US corporation based in Irvine, California, is a line of wireless smart products for residential and commercial use, utilizing wireless technology initially utilized for industrial and other large-scale applications. This technology, LoRa, short for Long-Range, is unique in the smart home industry and provides you with benefits that include 2 to 10 year battery life, 1/4 mile extreme long range, superior wall and obstruction penetration, including concrete, masonry and even metal! YoLink benefits include a more secure automation network due to a centralized and encrypted internet connection, as the devices are not on the internet and they do not rely on WiFi. All communication is encrypted, and controlled by AWS


YoSmart/YoLink A.I CyberSecurity Scoring

YoSmart/YoLink
Company Information
Website:https://www.yosmart.com
Employees number:4
Number of followers:279
NAICS:334
Industry Type:Computers and Electronics Manufacturing
Homepage:yosmart.com
YoSmart/YoLink Risk Score (AI oriented)
Between 700 and 749
logo
YoSmart/YoLinkComputers and Electronics Manufacturing
Updated:
27/03/2026
748/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
YoSmart/YoLink Global Score (TPRM)
xxxx
logo
YoSmart/YoLinkComputers and Electronics Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

YoSmart/YoLink
YoSmart/YoLinkModerate
Current Score
748Ba (MODERATE)
01000
1 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748Before Incident
JUNE 2026
748Before Incident
MAY 2026
748Before Incident
APRIL 2026
748Before Incident
MARCH 2026
748Before Incident
FEBRUARY 2026
748Before Incident
JANUARY 2026
752Before Incident
Vulnerability
13 Jan 2026YoSmart/YoLink
Güralp Systems, Rockwell Automation and YoSmart: CISA issues multiple ICS advisories, details DoS vulnerability risk in Rockwell devices used in critical manufacturing

CISA Publishes Advisories on Vulnerabilities in Rockwell Automation and YoSmart Products

747After Incident
CRITICAL-5
GURROCYOS1768400893
CISA Issues Critical ICS Advisories for Rockwell Automation and YoSmart Vulnerabilities The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released three new advisories and updated an existing one on Tuesday, highlighting significant vulnerabilities in industrial control systems (ICS) from Rockwell Automation and YoSmart. The advisories address risks in critical manufacturing and global communications sectors, with potential impacts ranging from denial-of-service (DoS) conditions to unauthorized device control. ### Rockwell Automation Vulnerabilities 1. CVE-2025-9368 (CVSS 7.5) - Affects Rockwell Automation 432ES-IG3 Series A devices, specifically the GuardLink EtherNet/IP Interface. - The flaw stems from uncontrolled resource allocation, allowing attackers to trigger a DoS condition requiring a manual power cycle to restore functionality. - Mitigation: Users should upgrade to V2.001.9 or later; those unable to update should follow Rockwell’s security best practices. 2. CVE-2025-12807 (CVSS 8.8) - Impacts FactoryTalk DataMosaix Private Cloud (versions 7.11, 8.00, and 8.01). - The vulnerability involves SQL injection, enabling low-privilege users to execute unauthorized database operations via exposed API endpoints. - Mitigation: Update to Version 8.01.02 or later. ### YoSmart YoLink Smart Hub Vulnerabilities Multiple flaws were identified in the YoSmart YoLink ecosystem, affecting the Smart Hub, server, and mobile application (CVE-2025-59448, CVE-2025-59449, CVE-2025-59451, CVE-2025-59452), with a CVSS score of 5.8. - Exploitation Risks: - Remote device control of other users’ smart home devices. - Session hijacking and sensitive data interception due to weak authorization controls and predictable device IDs. - Cleartext transmission of data via unencrypted MQTT, exposing communications to interception or tampering. - Long-lived session tokens in the mobile app, increasing the risk of unauthorized access. - Technical Details: - The YoLink MQTT broker (through 2025-10-02) lacks sufficient authorization checks, allowing cross-account attacks if device IDs are obtained. - Device IDs are predictable, enabling attackers to gain control over any YoLink user’s devices. - API endpoints use MD5 hashing of non-secret data (e.g., MAC addresses), further weakening security. ### CISA’s Recommendations While no active exploitation has been reported, CISA advises organizations to: - Minimize network exposure for ICS devices, ensuring they are not internet-accessible. - Isolate control systems behind firewalls and separate them from business networks. - Use secure remote access methods, such as updated VPNs, when necessary. - Conduct risk assessments before deploying defensive measures. The advisories underscore ongoing risks in ICS environments, particularly in critical infrastructure sectors. Organizations are urged to apply patches and follow CISA’s Defense-in-Depth Strategies for proactive cybersecurity.
INCIDENT DETAILS -
TYPE
Denial-of-ServiceSQL InjectionUnauthorized AccessSession Hijacking
IMPACT
Sensitive database operationsPersonally identifiable informationSession tokensRockwell Automation 432ES-IG3 Series ARockwell Automation FactoryTalk DataMosaix Private CloudYoSmart YoLink Smart HubYoLink Mobile ApplicationDowntime: Manual power cycle required for recovery (Rockwell Automation 432ES-IG3 Series A)Denial-of-service conditionUnauthorized control of smart home devicesIdentity Theft Risk: High (due to PII exposure)
DATA BREACH
Database operationsSession tokensDevice identifiersSensitivity Of Data: High (PII, device control access)Data Exfiltration: Possible (via MQTT traffic interception)Data Encryption: Lacking (cleartext MQTT transmission)Personally Identifiable Information: Yes
DECEMBER 2025
752Before Incident
NOVEMBER 2025
752Before Incident
OCTOBER 2025
752Before Incident
SEPTEMBER 2025
752Before Incident
AUGUST 2025
752Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for YoSmart/YoLink ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in June 2026 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in May 2026 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in April 2026 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in March 2026 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in February 2026 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in January 2026 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in December 2025 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in November 2025 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in October 2025 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in September 2025 ?
?
What was YoSmart/YoLink's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on YoSmart/YoLink's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with YoSmart/YoLink ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view YoSmart/YoLink's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?