PT-2026-25550 · Tuya+1 · Arduino-Tuyaopen
Maxime Rossi Bellom · Published 2026-03-15 · Updated 2026-03-16 · CVE-2026-28519
CVSS v3.1: 8.8 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
arduino-TuyaOpen versions prior to 1.2.1
Description
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.
Recommendations
Update arduino-TuyaOpen to version 1.2.1 or later.
Fix
RCE
Heap Based Buffer Overflow
Affected Products
Arduino-Tuyaopen