cbcvebase.

Gardyn Home Kit Firmware vulnerabilities

3 known vulnerabilities affecting gardyn/home_kit_firmware.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3

Vulnerabilities

Page 1 of 1
CVE-2025-29631P2CRITICALCVSS 9.8fixed in master.6192025-07-25
CVE-2025-29631 [CRITICAL] CWE-78 CVE-2025-29631: Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an attacker to execute arbitrary operating system comman
nvd
CVE-2025-29629P3CRITICALCVSS 9.1fixed in master.6192025-07-25
CVE-2025-29629 [CRITICAL] CWE-1392 CVE-2025-29629: Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.
nvd
CVE-2025-29628P3CRITICALCVSS 9.4fixed in master.6192025-07-25
CVE-2025-29628 [CRITICAL] CWE-924 CVE-2025-29628: A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Ho A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker
nvd
Gardyn Home Kit Firmware vulnerabilities | cvebase