PT-2026-25550 · Tuya+1 · Arduino-Tuyaopen
Maxime Rossi Bellom
Published: 2026-03-15 · Updated: 2026-03-16
CVE-2026-28519
CVSS v3.1: 8.8 (High)
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
arduino-TuyaOpen versions prior to 1.2.1
Description
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.
Recommendations
Update arduino-TuyaOpen to version 1.2.1 or later.
Fix
RCE
Heap Based Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Arduino-Tuyaopen