Maxime Rossi Bellom

**Name of the Vulnerable Software and Affected Versions** arduino-TuyaOpen versions prior to 1.2.1 **Description** arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow in the `WiFiMulti` component. When a device connects to an attacker-controlled access point (AP), an attacker can exploit this overflow to execute arbitrary code on the affected embedded device. **Recommendations** Update arduino-TuyaOpen to version 1.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** arduino-TuyaOpen versions prior to 1.2.1 **Description** arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference issue within the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device. This can trigger a null pointer dereference, resulting in a denial-of-service condition. **Recommendations** Versions prior to 1.2.1 should be updated to version 1.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** arduino-TuyaOpen versions prior to 1.2.1 **Description** arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read issue in the TuyaIoT component. An attacker who gains control of the Tuya cloud service can send malicious DP event data to victim devices. This can lead to memory access outside of the intended boundaries, potentially resulting in information disclosure or a denial-of-service condition. **Recommendations** Update arduino-TuyaOpen to version 1.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** arduino-TuyaOpen versions prior to 1.2.1 **Description** arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow in the `DnsServer` component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices. **Recommendations** Update arduino-TuyaOpen to version 1.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Espressif Internet of Things (IOT) Development Framework versions 5.1.6 through 5.5.2 **Description** The Espressif Internet of Things (IOT) Development Framework (ESF-IDF) contains a flaw in the BLE ATT Prepare Write handling within the BLE provisioning transport (protocomm ble). A remote BLE client can trigger this issue while the device is in provisioning mode. The system incorrectly tracks the cumulative length of prepared-write fragments, leading to an out-of-bounds read and potential memory corruption when a client sends repeated prepare write requests with overlapping offsets. The transport accumulates these fragments in a fixed-size buffer, and the inflated length is passed to provisioning handlers during execute-write processing. **Recommendations** Update to version 5.5.3 Update to version 5.4.4 Update to version 5.3.5 Update to version 5.2.7 Update to version 5.1.7

**Name of the Vulnerable Software and Affected Versions** Espressif Internet of Things (IOT) Development Framework versions 5.1.6 through 5.5.2 **Description** The Espressif Internet of Things (IOT) Development Framework contains a use-after-free issue in the BLE provisioning transport (protocomm ble) layer. This occurs when provisioning is stopped with `keep ble on` set to true, freeing internal state and GATT metadata while the BLE stack and GATT services remain active. Subsequent BLE read or write callbacks can then dereference freed memory, potentially leading to invalid memory access triggered by a remote BLE client during provisioning mode. **Recommendations** Update to version 5.5.3 Update to version 5.4.4 Update to version 5.3.5 Update to version 5.2.7 Update to version 5.1.7

**Nome do software vulnerável e versões afetadas** Versões do DarManagerService anteriores à SMR maio de 2024, Release 1 **Descrição** O problema está relacionado a um controle de acesso inadequado no DarManagerService, permitindo que invasores locais monitorem os recursos do sistema. **Recomendações** Para versões anteriores ao SMR May-2024 Release 1, atualize para o SMR May-2024 Release 1 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Little Kernel nas versões do bootloader anteriores à SMR Mar-2024 Release 1 **Descrição** O problema consiste em um estouro de pilha no Little Kernel do bootloader, o que permite que invasores locais com privilégios executem código arbitrário. Isso pode ser explorado por invasores com privilégios. **Recomendações** Para versões anteriores ao SMR Mar-2024 Release 1, atualize para o SMR Mar-2024 Release 1 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso ao bootloader para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Versões do `libsthmbc.so` anteriores à SMR Fev-2024 Release 1 **Descrição** O problema está relacionado a vulnerabilidades de gravação fora dos limites na função `svc1td vld plh ap` do `libsthmbc.so`. Isso permite que invasores locais provoquem um estouro de buffer. **Recomendações** Para versões anteriores ao SMR Feb-2024 Release 1, atualize para o SMR Feb-2024 Release 1 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à função `svc1td vld plh ap` até que um patch esteja disponível.