CVE-2026-28522

High CVSS: 7.1

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.

Vendor

Tuya

Product

Arduino-tuyaopen

CWE

CWE-476

Yayın Tarihi

2026-03-16 14:19:28

Güncelleme

2026-03-17 20:27:41

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-476 Arduino-tuyaopen HIGH Tuya 2026

Referanslar

https://github.com/tuya/arduino-TuyaOpen https://src.tuya.com/announcement/32 https://www.vulncheck.com/advisories/arduino-tuyaopen-wifiudp-null-pointer-dereference-denial-of-service

Benzer Kayıtlar

High

CVE-2026-28519

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An…

High

CVE-2026-28520

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. W…

High

CVE-2026-28521

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An a…

High

CVE-2025-56400

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, a…

Critical

CVE-2025-56557

An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Mat…