VYPR
Vendor

Garmin

Products
6
CVEs
18
Across products
22
Status
Private

Products

6

Recent CVEs

18
  • CVE-2025-27851CriMay 13, 2026
    risk 0.60cvss 9.3epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of…

  • CVE-2025-27850HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a…

  • CVE-2025-27853HigMay 13, 2026
    risk 0.47cvss 7.3epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any…

  • CVE-2025-27852MedMay 13, 2026
    risk 0.33cvss 5.0epss 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level…

  • CVE-2023-23305May 23, 2023
    risk 0.00cvss epss 0.01

    The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.

  • CVE-2023-23304May 23, 2023
    risk 0.00cvss epss 0.01

    The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module…

  • CVE-2023-23306May 23, 2023
    risk 0.00cvss epss 0.01

    The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call…

  • CVE-2023-23300May 23, 2023
    risk 0.00cvss epss 0.01

    The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack…

  • CVE-2023-23301May 23, 2023
    risk 0.00cvss epss 0.01

    The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends…

  • CVE-2023-23299May 23, 2023
    risk 0.00cvss epss 0.01

    The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and…

  • CVE-2023-23298May 23, 2023
    risk 0.00cvss epss 0.01

    The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with…

  • CVE-2023-23302May 23, 2023
    risk 0.00cvss epss 0.01

    The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object…

  • CVE-2023-23303May 23, 2023
    risk 0.00cvss epss 0.01

    The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted…

  • CVE-2020-27483Nov 16, 2020
    risk 0.00cvss epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts…

  • CVE-2020-27484Nov 16, 2020
    risk 0.00cvss epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to…

  • CVE-2020-27485Nov 16, 2020
    risk 0.00cvss epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to…

  • CVE-2020-27486Nov 16, 2020
    risk 0.00cvss epss 0.02

    Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the…

  • CVE-2009-0194May 11, 2009
    risk 0.00cvss epss 0.02

    The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the…