PT-2026-25553 · Tuya+1 · Arduino-Tuyaopen
Maxime Rossi Bellom
·
Published
2026-03-15
·
Updated
2026-03-16
·
CVE-2026-28522
CVSS v4.0
7.1
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
arduino-TuyaOpen versions prior to 1.2.1
Description
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference issue within the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device. This can trigger a null pointer dereference, resulting in a denial-of-service condition.
Recommendations
Versions prior to 1.2.1 should be updated to version 1.2.1 or later.
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arduino-Tuyaopen