VYPR

DiLink 3.0 OS

by BYD

CVEs (2)

  • CVE-2025-28169HigApr 23, 2025
    risk 0.53cvss 8.1epss 0.00

    BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to cend broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack.

  • CVE-2025-7020MedAug 9, 2025
    risk 0.33cvss epss 0.00

    An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's…