CVE-2026-28522
- EPSS 0.01%
- Veröffentlicht 15.03.2026 13:36:52
- Zuletzt bearbeitet 17.03.2026 20:27:41
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, tr...
CVE-2026-28519
- EPSS 0.01%
- Veröffentlicht 15.03.2026 13:36:47
- Zuletzt bearbeitet 17.03.2026 15:38:55
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buf...
CVE-2026-28521
- EPSS 0.01%
- Veröffentlicht 15.03.2026 13:35:46
- Zuletzt bearbeitet 17.03.2026 20:24:33
arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds ...
CVE-2026-28520
- EPSS 0.01%
- Veröffentlicht 15.03.2026 13:35:42
- Zuletzt bearbeitet 17.03.2026 15:39:38
arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute ar...