8.8
CVE-2026-28519
- EPSS 0.4%
- Veröffentlicht 15.03.2026 13:36:47
- Zuletzt bearbeitet 17.03.2026 15:38:55
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Loginarduino-TuyaOpen DnsServer Heap-Based Buffer Overflow Remote Code Execution
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tuya ≫ Arduino-tuyaopen Version < 1.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.312 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
https://src.tuya.com/announcement/32
https://github.com/tuya/arduino-TuyaOpen
https://www.vulncheck.com/advisories/arduino-tuyaopen-dnsserver-heap-based-buffer-overflow-remote-code-execution