CVE-2026-28519

High CVSS: 8.7

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.

Vendor

Tuya

Product

Arduino-tuyaopen

CWE

CWE-122

Yayın Tarihi

2026-03-16 14:19:28

Güncelleme

2026-03-17 15:38:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-122 Arduino-tuyaopen HIGH Tuya 2026

Referanslar

https://github.com/tuya/arduino-TuyaOpen https://src.tuya.com/announcement/32 https://www.vulncheck.com/advisories/arduino-tuyaopen-dnsserver-heap-based-buffer-overflow-remote-code-execution

Benzer Kayıtlar

High

CVE-2026-28520

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. W…

High

CVE-2026-28521

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An a…

High

CVE-2026-28522

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An att…

High

CVE-2025-56400

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, a…

Critical

CVE-2025-56557

An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Mat…