YoSmart YoLink Smart Hub UART Debug Interface Vulnerability Allowing Credential Exposure

Vulnerability

A vulnerability exists in the YoSmart YoLink Smart Hub, device model 0382, which exposes a UART debug interface. An attacker with direct physical access to the device can use this interface to read boot logs that include sensitive network credentials. The vulnerability arises from the ESP32-WROOM-32 microcontroller, which is commonly used in IoT devices; its debug output can be accessed through the UART pins.

Impact

Exploitation of this vulnerability could lead to unauthorized access to network credentials, allowing an attacker to intercept unencrypted Wi-Fi information and potentially control connected YoLink devices remotely.

Reproduction

The vulnerability can be reproduced by physically accessing the YoLink Smart Hub 0382 and connecting to the UART pins of the exposed ESP32-WROOM-32 chip. This can be done using a Flipper Zero device, which can establish a serial connection to the hub. Once connected, the boot logs can be intercepted using a terminal program, such as picocom. The logs will reveal the device's Wi-Fi credentials and other sensitive information.
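
A release-time check for this class of issue, as an added example that is not part of the original advisory or of the vendor's code: it scans a captured serial boot log for known test credentials in plaintext, hex, or base64 form. The log lines, secret names, and values below are constructed for illustration and do not reproduce the hub's actual output.

```python
import base64
import re
import sys

# Serial consoles often emit ANSI colour codes; strip them before matching.
ANSI = re.compile(r"\x1b\[[0-9;]*m")

# Constructed capture and constructed test credentials (assumptions, not
# real device output). Provision a test unit with known values, record its
# boot console, then run the check against that recording.
SAMPLE_CAPTURE = (
    "I (312) boot: starting app\n"
    "\x1b[0;32mI (1480) net: connecting ssid=LabNet-Test pass=correct-horse-42\x1b[0m\n"
    "D (1502) cfg: psk=636F72726563742D686F7273652D3432\n"
    "I (2100) net: got ip\n"
)
TEST_SECRETS = {"wifi_ssid": "LabNet-Test", "wifi_psk": "correct-horse-42"}


def secret_encodings(secret):
    """Forms in which firmware might print a secret to the console."""
    raw = secret.encode()
    return {
        "plaintext": secret,
        "hex": raw.hex(),  # lowercase; compared against a lowercased line
        "base64": base64.b64encode(raw).decode(),
    }


def find_leaks(capture, secrets):
    """Return (line_no, secret_name, encoding) for each exposure found."""
    findings = []
    for line_no, line in enumerate(capture.splitlines(), start=1):
        clean = ANSI.sub("", line)
        lowered = clean.lower()
        for name, value in secrets.items():
            if not value:  # an empty secret would match every line
                continue
            for enc, form in secret_encodings(value).items():
                haystack = lowered if enc == "hex" else clean
                if form in haystack:
                    findings.append((line_no, name, enc))
    return findings


if __name__ == "__main__":
    leaks = find_leaks(SAMPLE_CAPTURE, TEST_SECRETS)
    for line_no, name, enc in leaks:
        print(f"line {line_no}: {name} exposed as {enc}")
    sys.exit(1 if leaks else 0)  # non-zero exit fails a CI gate
```

The findings carry only line numbers and secret names, so the report itself can be shared without repeating the credentials.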

Added: Oct 6, 2025, 8:21 PM
Updated: Oct 6, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.