Filtered by vendor Gardyn
Total: 7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28766 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 9.3 Critical |
| A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. | ||||
| CVE-2026-25197 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 9.1 Critical |
| A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. | ||||
| CVE-2025-10681 | 1 Gardyn | 2 Cloud Api, Mobile Application | 2026-04-07 | 8.6 High |
| Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers. | ||||
| CVE-2026-32662 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 5.3 Medium |
| Development and test API endpoints are present that mirror production functionality. | ||||
| CVE-2026-32646 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 7.5 High |
| A specific administrative endpoint is accessible without proper authentication, exposing device management functions. | ||||
| CVE-2026-28767 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 5.3 Medium |
| A specific administrative notifications endpoint is accessible without proper authentication. | ||||
| CVE-2025-1242 | 1 Gardyn | 3 Home Kit, Home Kit Cloud Api, Home Kit Mobile Application | 2026-02-27 | 9.1 Critical |
| The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub, exposing connected devices to malicious control. | ||||