CVE-2025-1242

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

EUVD-2025-208113

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

CVE-2025-1242 Administrative Credentials Can Be Extracted Through Gardyn API Responses

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

CVE-2025-1242

CVE-2025-1242 affects Gardyn Home Kit via Gardyn IoT Hub. Root cause: hard-coded administrative credential iothubowner exposed across multiple vectors (API responses, mobile app, and device firmware), enabling unauthenticated full admin access to the hub and connected devices. Connected documents...

CVE-2025-1242 Administrative Credentials Can Be Extracted Through Gardyn API Responses

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

Gardyn 4 信任管理问题漏洞

Gardyn 4 is a home-use vertical hydroponic cultivation system developed by the American company Gardyn. Gardyn 4 has a vulnerability related to trust management. This vulnerability stems from the ability to extract management credentials through application API responses, mobile application rever...

PT-2026-21920

Name of the Vulnerable Software and Affected Versions Gardyn IoT Hub affected versions not specified Description Administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. This exposure may allow ...

Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach

This paper presents a comprehensive analysis of T-Mobile's critical data breaches in 2021 and 2023, alongside a full-spectrum security audit targeting its systems, infrastructure, and publicly exposed endpoints. By combining case-based vulnerability assessments with active ethical hacking...

Fuzzy matching with Ghidra BSim, a guide

TL;DR BSim, Ghidra’s new built-in plugin is a game-changer for reversing firmware and other stripped binaries. Rapidly identify and annotate functions from known libraries. Fuzzy matching works with unknowns, like exact library versions and compiler options. Automatically define custom variable...

efiXplorer - IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation

efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions o...

Reverse Engineering Keys from Firmware. A how-to

TL;DR It is possible to reverse engineer keys from firmware with some tips: 1. Always looks for strings/constants. 2. Make guesses about the original source. 3. Find a function you can recognise and work backwards to identify other functions. 4. It helps if they use open-source code so you can cr...

Turning an OBD-II reader into a USB / NFC attack tool

One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It's creative, disruptive, and fun. Everyone has their own way of going about things. Different methodologies, habits, and skill sets mean that approaches will be diverse. This is how I work...