CVE-2026-28520

High CVSS: 8.6

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device.

Vendor

Tuya

Product

Arduino-tuyaopen

CWE

CWE-193

Yayın Tarihi

2026-03-16 14:19:28

Güncelleme

2026-03-17 15:39:38

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-193 Arduino-tuyaopen HIGH Tuya 2026

Referanslar

https://github.com/tuya/arduino-TuyaOpen https://src.tuya.com/announcement/32 https://www.vulncheck.com/advisories/arduino-tuyaopen-wifimulti-single-byte-buffer-overflow-remote-code-execution

Benzer Kayıtlar

High

CVE-2026-28519

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An…

High

CVE-2026-28521

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An a…

High

CVE-2026-28522

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An att…

High

CVE-2025-56400

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, a…

Critical

CVE-2025-56557

An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Mat…