Lucene search
K

85 matches found

EUVD
EUVD
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41464

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...

10CVSS6AI score0.00559EPSS
Exploits2References4
EUVD
EUVD
added 2026/07/03 12:31 a.m.10 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.9 views

CVE-2026-13768

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...

10CVSS0.00559EPSS
Exploits2References3
NVD
NVD
added 2026/07/03 12:16 a.m.8 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:52 p.m.21 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:52 p.m.52 views

CVE-2026-54477 Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax

The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...

5.4CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:49 p.m.63 views

CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:49 p.m.17 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:40 p.m.75 views

CVE-2026-13768 Gardyn IoT Hub Use of Hard-coded Credentials

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...

10CVSS0.00559EPSS
Exploits2References3
CVE
CVE
added 2026/07/02 11:40 p.m.24 views

CVE-2026-13768

CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...

10CVSS6AI score0.00559EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2026/04/07 4:37 a.m.119 views

Exploit for CVE-2025-10681

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...

8.8CVSS6.1AI score0.00275EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.6 views

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS5.9AI score0.00436EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/03 9:31 p.m.5 views

EUVD-2026-18839

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS5.9AI score0.00436EPSS
Exploits1References4
NVD
NVD
added 2026/04/03 9:17 p.m.12 views

CVE-2026-28766

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS0.00436EPSS
Exploits1References3
CVE
CVE
added 2026/04/03 8:26 p.m.15 views

CVE-2025-10681

Gardyn CVE-2025-10681 affects the Gardyn mobile app and device firmware, which hardcode Azure Blob Storage account keys granting account‑level access to three storage accounts. Impact includes read access to ~115k camera images, read/write to OTA firmware storage (enabling supply chain risk), acc...

8.8CVSS5.9AI score0.00275EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/03 8:26 p.m.3 views

CVE-2025-10681 Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers...

8.8CVSS5.9AI score0.00275EPSS
Exploits1References3
CVE
CVE
added 2026/04/03 8:23 p.m.13 views

CVE-2026-25197

CVE-2026-25197 pertains to Gardyn Cloud API, where an endpoint allows an authenticated user to pivot to other user profiles by altering the id parameter in the API call. The underlying issue is an authorization bypass via a user-controlled key/id, enabling access to other profiles and potentially...

9.3CVSS5.9AI score0.00295EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/03 8:23 p.m.24 views

CVE-2026-25197 Gardyn Cloud API Authorization Bypass Through User-Controlled Key

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

9.3CVSS0.00295EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/03 8:23 p.m.2 views

CVE-2026-25197 Gardyn Cloud API Authorization Bypass Through User-Controlled Key

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

9.3CVSS5.9AI score0.00295EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/03 8:20 p.m.27 views

CVE-2026-28766 Gardyn Cloud API Missing Authentication for Critical Function

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication...

9.3CVSS0.00436EPSS
Exploits1References3
Rows per page
Query Builder