- Description: A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.
- Source: cve@mitre.org
- NVD status: Undergoing Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-22
- Hype score: Not currently trending
🔴 Yi #IOT XY-3820, Directory Traversal to RCE, #CVE-2025-29660 (Critical) https://t.co/ZX64ai6U2e
@dailycve, 23 Jun 2025 (29 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
CVE-2025-29660 (CVSS:9.8, CRITICAL) is Awaiting Analysis. A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789...https://t.co/7jCPDhr57K #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot, 26 Apr 2025 (20 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
Two critical vulnerabilities in the Yi IOT XY-3820 smart camera. CVE-2025-29659 and CVE-2025-29660 have a CVSS score of 9.8 and allow command execution with root privileges. Both TCP 6789 and TCP 999 are vulnerable. https://t.co/Zzb47rKsNt
@__kokumoto, 23 Apr 2025 (1352 impressions, 3 retweets, 13 likes, 4 bookmarks, 0 replies, 0 quotes)
🚨 CVE-2025-29660 ⚠️🔴 CRITICAL (9.8) 🏢 Unknown Vendor - Unknown Product 🏗️ Unknown Version 🔗 https://t.co/f4m7Skh3BZ 🔗 https://t.co/I7Pqk4c2It #CyberCron #VulnAlert #InfoSec https://t.co/8QDUWbGIcO
@cybercronai, 22 Apr 2025 (26 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
CVE-2025-29660 A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, a… https://t.co/mbP6iFFc39
@CVEnew, 21 Apr 2025 (414 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)