Arduino Security Vulnerabilities
Arduino is a microcontroller board developed by the Arduino project. Versions of Arduino prior to 1.7.0 contained security vulnerabilities; these vulnerabilities were due to a stack reuse issue in the pwmstart function, which could lead to memory corruption...
CVE-2026-28521
arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information...
EUVD-2026-12228
arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information...
CVE-2026-28522
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulti...
CVE-2026-28520 arduino-TuyaOpen WiFiMulti Single-Byte Buffer Overflow Remote Code Execution
arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...
PT-2026-25553
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulti...
Arduino and AVR Board Security Vulnerabilities
Arduino AVR Boards is the open-source Arduino core for AVR boards. Versions of Arduino AVR Boards prior to 1.8.7 contained security vulnerabilities. These vulnerabilities stemmed from stack buffer overflows during the conversion of high-precision floating-point numbers into strings, which could lea...
CVE-2025-49604
For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented...
CVE-2025-53540
The CVE-2025-53540 entry concerns arduino-esp32 (Arduino core for ESP32/variants). Several OTA update examples and the HTTPUpdateServer allow POST requests without CSRF protection, enabling an attacker to upload arbitrary firmware and achieve remote code execution (RCE). Affected versions are pri...
The vulnerability in the Visual Studio Code extension for Arduino arises from missing authentication for a critical function. This allows an attacker to execute arbitrary code.
The vulnerability in the Visual Studio Code extension for Arduino involves missing authentication for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
The largest Microsoft Patch Tuesday since July includes two vulnerabilities that have been exploited in the wild and three other critical issues across the company's range of hardware and software offerings. October's monthly security update from Microsoft includes fixes for 117 CVEs, the most in...
CVE-2024-43488
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...
CVE-2024-43488
CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...
CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
...
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...
KLA73906 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual C++...
Arduino: Remote Code Execution
Background Arduino is an open-source AVR electronics prototyping platform. Description A vulnerability has been discovered in Arduino. Please review the CVE identifier referenced below for details. Impact Arduino bundles a vulnerable version of log4j that may lead to remote code execution...
GLSA-202312-04 : Arduino: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-04 Arduino: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...