arduino-TuyaOpen 安全漏洞

Arduino-TuyaOpen is an IoT development framework based on Arduino, open-sourced by Tuya. Versions of Arduino-TuyaOpen prior to 1.2.1 contained security vulnerabilities. These vulnerabilities stemmed from a heap-based buffer overflow in the DnsServer component, which could allow for the execution ...

PT-2026-6314

Name of the Vulnerable Software and Affected Versions Espressif Internet of Things IOT Development Framework versions 5.1.6 through 5.5.2 Description The Espressif Internet of Things IOT Development Framework contains a flaw in the WPS Wi-Fi Protected Setup Enrollee implementation. Malformed...

CVE-2025-68622

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

Espressif ESP-IDF 资源管理错误漏洞

Espressif ESP-IDF is an IoT development framework from China Loxin Espressif. A resource management error vulnerability exists in versions of Espressif ESP-IDF prior to 1.1.0, which stems from the use of outdated pointers when handling the length of an attacker-controlled report descriptor, which...

CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

CVE-2025-66409

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...

EUVD-2025-197854

ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...

CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...

Espressif IoT Development Framework 安全漏洞

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A security vulnerability exists in the Espressif IoT Development Framework that stems from a memory overflow that could lead to issues with Wi-Fi credential handling and Diffie-Hellman key...

Espressif ESP-IDF 安全漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF version 5.3.0, which originates from allowing an attacker to cause a denial of service via specially crafted data channel packets...

PandaX Security Vulnerability

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the incorrect manipulation of the parameter filename can lead to path traversa...

Linaro Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro. A security vulnerability exists in Linaro Trusted Firmware-M TF-M, which stems from Trusted Firmware-M TF-M 1.4.0, where access control is incorrect when...

Espressif ESP-IDF 安全漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China's Lexin Information Technology Espressif. Espressif ESP-IDF suffers from a security vulnerability that stems from a security issue in the commercial BT stack. The vulnerability can be exploited by an attacker to cause...

What’s in the Box? Part II: Hacking the iParcelBox

ARCHIVED STORY What’s in the Box? Part II: Hacking the iParcelBox By Steve Povolny · June 18, 2020 Package delivery is just one of those things we take for granted these days. This is especially true in the age of Coronavirus, where e-commerce and at-home deliveries make up a growing portion of...