PT-2026-25552 · Tuya+1 · Arduino-Tuyaopen
Maxime Rossi Bellom
·
Publicado
2026-03-15
·
Atualizado
2026-03-16
·
CVE-2026-28521
CVSS v3.1
7.7
Alta
| Vetor | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
arduino-TuyaOpen versions prior to 1.2.1
Description
arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read issue in the TuyaIoT component. An attacker who gains control of the Tuya cloud service can send malicious DP event data to victim devices. This can lead to memory access outside of the intended boundaries, potentially resulting in information disclosure or a denial-of-service condition.
Recommendations
Update arduino-TuyaOpen to version 1.2.1 or later.
Correção
DoS
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Arduino-Tuyaopen