How the CVE Works
The vulnerability in Yi IOT XY-3820 v6.0.24.10 stems from improper input validation in its daemon process, which listens on TCP port 6789. Attackers can exploit this flaw by sending crafted TCP requests containing directory traversal sequences (e.g., ../../). This allows unauthorized access to arbitrary scripts stored on the device, leading to remote code execution (RCE). The daemon fails to sanitize user-supplied paths, enabling attackers to traverse directories and execute malicious payloads with the same privileges as the service.
DailyCVE Form
Platform: Yi IOT XY-3820
Version: v6.0.24.10
Vulnerability: Directory Traversal → RCE
Severity: Critical
Date: 06/23/2025
Prediction: Patch by 08/2025
What Undercode Says
Analytics
nmap -p 6789 <target_IP>
curl -X POST "http://<target_IP>:6789/../../malicious_script.sh"
How the Exploit Works
1. Craft TCP request with traversal payload.
2. Trigger script execution via port 6789.
3. Gain shell access.
Protection from this CVE
- Disable port 6789 if unused.
- Apply vendor patches.
- Implement input sanitization.
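The third mitigation above is the one a firmware developer has to implement in the daemon itself. The following is an added example of such a check, written here as an illustration and not taken from the Yi IOT firmware or from the original post; the script directory /opt/scripts and the function names are assumptions. It percent-decodes the request path first (so encoded dots and slashes cannot slip past the check), rejects absolute paths, any ".." segment, and any character outside a small allowlist, and only then builds the final path under the fixed script root.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical directory that holds the only scripts the daemon may run. */
#define SCRIPT_ROOT "/opt/scripts"

/* Decode %XX sequences once. Returns 1 on success, 0 on malformed input
 * or on an encoded NUL byte (which would truncate the path later). */
static int url_decode(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (o + 1 >= outlen) return 0;               /* leave room for the NUL */
        if (in[i] == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) ||
                !isxdigit((unsigned char)in[i + 2])) return 0;
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            int v = (int)strtol(hex, NULL, 16);
            if (v == 0) return 0;                    /* embedded NUL */
            out[o++] = (char)v;
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return 1;
}

/* Validate a user-supplied relative path and build SCRIPT_ROOT/<path>.
 * Returns 1 and fills resolved on success, 0 if the path is rejected.
 * Rejects: absolute paths, empty paths, any ".." segment, and any
 * character outside [A-Za-z0-9._-] within a segment. */
int resolve_script_path(const char *user_path, char *resolved, size_t resolved_len) {
    char decoded[512];
    if (!url_decode(user_path, decoded, sizeof decoded)) return 0;
    if (decoded[0] == '\0' || decoded[0] == '/') return 0;

    const char *segs[64];
    size_t seglens[64];
    int n = 0;

    const char *p = decoded;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* skip empty segments ("a//b") and "." */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            return 0;                                /* traversal attempt */
        } else {
            for (size_t k = 0; k < len; k++) {
                unsigned char c = (unsigned char)p[k];
                if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
            }
            if (n >= 64) return 0;
            segs[n] = p; seglens[n] = len; n++;
        }
        if (!end) break;
        p = end + 1;
    }
    if (n == 0) return 0;

    /* Rebuild the path from the accepted segments only, under SCRIPT_ROOT. */
    size_t used = strlen(SCRIPT_ROOT);
    if (used + 1 > resolved_len) return 0;
    memcpy(resolved, SCRIPT_ROOT, used);
    for (int i = 0; i < n; i++) {
        if (used + 1 + seglens[i] + 1 > resolved_len) return 0;
        resolved[used++] = '/';
        memcpy(resolved + used, segs[i], seglens[i]);
        used += seglens[i];
    }
    resolved[used] = '\0';
    return 1;
}

/* Convenience wrapper: returns the resolved path, or NULL if rejected. */
const char *safe_resolve(const char *user_path) {
    static char buf[1024];
    return resolve_script_path(user_path, buf, sizeof buf) ? buf : NULL;
}

int main(void) {
    /* Constructed sample request paths: two benign, the rest traversal variants. */
    const char *samples[] = { "reboot.sh", "sub/./task.sh", "../../etc/passwd",
                              "..%2F..%2Fbin%2Fsh", "/etc/passwd", "%2e%2e/x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *r = safe_resolve(samples[i]);
        printf("%-20s -> %s\n", samples[i], r ? r : "REJECTED");
    }
    return 0;
}
```

Decoding before validation matters: a check that looks only for the literal string "../" in the raw request misses "%2e%2e/" and "..%2F" forms. Rejecting any ".." segment outright, rather than trying to normalise it away, keeps the logic small enough to audit on an embedded target.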
Impact
- Full device compromise.
- Unauthorized data access.
- Botnet enlistment.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode