ГлавнаяУязвимости → CVE-2026-28521
7.7высокая

CVE-2026-28521

Описание

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information disclosure or a denial-of-service condition.

Затрагиваемое ПО
Tuya Arduino-tuyaopen
CVSS
Балл7.7 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Источники
https://github.com/tuya/arduino-TuyaOpenhttps://src.tuya.com/announcement/32https://www.vulncheck.com/advisories/arduino-tuyaopen-tuyaiot-out-of-bounds-memory-read-information-disclosure