PT-2026-22746 · Tuya · Tuya Sdk+1

Deoplljj

Publicado

2026-03-03

Atualizado

2026-03-04

CVE-2026-3465

CVSS v3.1

3.1

Baixa

Vetor

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Tuya App and SDK version 24.07.11

Description A denial of service condition exists in Tuya App and SDK. The issue affects an unknown functionality within the JSON Data Point Handler component. Manipulation of the cruise time argument can lead to a denial of service. Remote exploitation is possible, but considered complex and difficult. The exploit has been publicly disclosed. The vendor disputes the validity of the finding, stating it does not represent a security vulnerability but rather abnormal product functionality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404

Identificadores relacionados

CVE-2026-3465

Produtos afetados

Tuya App

Tuya Sdk

PT-2026-22746 · Tuya · Tuya Sdk+1

CVE-2026-3465

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10