PT-2026-25552 · Tuya+1 · Arduino-Tuyaopen
Maxime Rossi Bellom · Published 2026-03-15 · Updated 2026-03-16
CVE-2026-28521
CVSS v3.1: 7.7 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
arduino-TuyaOpen versions prior to 1.2.1
Description
arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read issue in the TuyaIoT component. An attacker who gains control of the Tuya cloud service can send malicious DP event data to victim devices. This can lead to memory access outside of the intended boundaries, potentially resulting in information disclosure or a denial-of-service condition.
Recommendations
Update arduino-TuyaOpen to version 1.2.1 or later.
Fix
DoS
Out of bounds Read
Affected Products
Arduino-Tuyaopen