VYPR

IoT Hub

by Mygardyn

CVEs (4)

  • CVE-2026-13768criJul 2, 2026
    risk 0.65cvss 10.0epss 0.01

    Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to…

  • CVE-2025-1242CriFeb 25, 2026
    risk 0.59cvss 9.1epss 0.00

    The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected…

  • CVE-2026-54477medJul 2, 2026
    risk 0.35cvss 5.4epss 0.00

    The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.

  • CVE-2026-55726medJul 2, 2026
    risk 0.34cvss 5.3epss 0.00

    The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.