VYPR

Tuya SDK

by Tuya

CVEs (6)

  • CVE-2025-5748HigJun 6, 2025
    risk 0.52cvss 8.0epss 0.00

    WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit…

  • CVE-2026-28522MedMar 16, 2026
    risk 0.35cvss 6.5epss 0.00

    arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets that trigger a null pointer dereference, resulting in a denial-of-service…

  • CVE-2024-32268LowApr 29, 2024
    risk 0.21cvss 3.3epss 0.00

    An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.

  • CVE-2024-3764LowApr 14, 2024
    risk 0.18cvss 2.7epss 0.01

    ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2025-56400Nov 24, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own…

  • CVE-2025-56557Sep 16, 2025
    risk 0.00cvss epss 0.00

    An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.