VYPR
Vendor

Mygardyn

Products
5
CVEs
13
Across products
19
Status
Private

Products

5

Recent CVEs

13
  • CVE-2025-29631CriJul 25, 2025
    risk 0.64cvss 9.8epss 0.02

    Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The…

  • CVE-2025-29628CriJul 25, 2025
    risk 0.61cvss 9.4epss 0.00

    A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and…

  • CVE-2026-28766CriApr 3, 2026
    risk 0.60cvss 9.3epss 0.00

    A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.

  • CVE-2026-25197CriApr 3, 2026
    risk 0.59cvss 9.1epss 0.00

    A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.

  • CVE-2025-1242CriFeb 25, 2026
    risk 0.59cvss 9.1epss 0.00

    The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected…

  • CVE-2025-29629CriJul 25, 2025
    risk 0.59cvss 9.1epss 0.00

    Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

  • CVE-2026-32646HigApr 3, 2026
    risk 0.49cvss 7.5epss 0.00

    A specific administrative endpoint is accessible without proper authentication, exposing device management functions.

  • CVE-2026-32662MedApr 3, 2026
    risk 0.34cvss 5.3epss 0.00

    Development and test API endpoints are present that mirror production functionality.

  • CVE-2026-28767MedApr 3, 2026
    risk 0.34cvss 5.3epss 0.00

    A specific administrative endpoint notifications is accessible without proper authentication.

  • CVE-2021-1582Aug 25, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input…

  • CVE-2021-1581Aug 25, 2021
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these…

  • CVE-2021-1580Aug 25, 2021
    risk 0.00cvss epss 0.02

    Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these…

  • CVE-2021-1578Aug 25, 2021
    risk 0.00cvss epss 0.02

    A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device.…