{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T20:51:00.357","vulnerabilities":[{"cve":{"id":"CVE-2025-28169","sourceIdentifier":"cve@mitre.org","published":"2025-04-23T20:15:43.767","lastModified":"2025-04-29T13:52:47.470","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to cend broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack."},{"lang":"es","value":"Se descubrió que BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 a v3.0_13.1.7.2312290.1_0 enviaba transmisiones al servidor en la nube del fabricante sin cifrar, lo que permitía a los atacantes ejecutar un ataque de intermediario."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https:\/\/gist.github.com\/rainymode\/bfd976ecbe0d0b776fd930375156c19c","source":"cve@mitre.org"},{"url":"https:\/\/www.byd.com","source":"cve@mitre.org"}]}}]}