CVE-2026-28520

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.4 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device.

Vulnerability Details

Published Date

March 16, 2026

Last Modified

March 17, 2026

CWE ID

CWE-193

Source

NVD

Vendor

Tuya

Product

arduino-TuyaOpen

External References

https://github.com/tuya/arduino-TuyaOpen
https://src.tuya.com/announcement/32
https://www.vulncheck.com/advisories/arduino-tuyaopen-wifimulti-single-byte-buffer-overflow-remote-code-execution

CVE-2026-28520

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment