PT-2024-27692 · Tuya · Tuya Sdk

Kaizheng · Published 2024-04-14 · Updated 2024-08-01 · CVE-2024-3764

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Tuya SDK versions up to 5.0.x

Description: A vulnerability has been found in the MQTT Packet Handler component, which can lead to denial of service. The attack can be launched remotely, but the vendor notes that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack. The real existence of this vulnerability is still doubted at the moment.

Recommendations: For Tuya SDK versions up to 5.0.x, upgrade to version 5.1.0 to address this issue. As a temporary workaround, consider restricting access to the MQTT Packet Handler component until a patch is available.

Exploit

Fix

Improper Resource Release

Weakness Enumeration

Related Identifiers: CVE-2024-3764

Affected Products: Tuya Sdk