5 matches found
CVE-2025-56558
The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...
CVE-2025-56558
The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...
CVE-2025-56558
The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...
PT-2025-44327
Name of the Vulnerable Software and Affected Versions Dyson App versions 6.1.23041-23595 Description An issue allows unauthenticated attackers to remotely control other users' Dyson IoT devices via MQTT. Recommendations At the moment, there is no information about a newer version that contains a...
CVE-2025-56558
The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...