CVE-2026-28519

Sažetak

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.

Reference

https://github.com/tuya/arduino-TuyaOpen
https://src.tuya.com/announcement/32
https://www.vulncheck.com/advisories/arduino-tuyaopen-dnsserver-heap-based-buffer-overflow-remote-code-execution

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-03-2026 - 15:38

Objavljeno

16-03-2026 - 14:19