Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking

"According to CISA, Gardyn products were affected by two critical and two high-severity vulnerabilities. One of the critical flaws, tracked as CVE-2025-29631, is a command injection issue that can be exploited to execute arbitrary OS commands on the targeted device. The second critical vulnerability, CVE-2025-1242, is related to the exposure of hardcoded admin credentials that can be used to gain full control of the Gardyn IoT Hub."
"The high-severity vulnerabilities, CVE-2025-29628 and CVE-2025-29629, are related to the cleartext transmission of sensitive information by the Azure IoT Hub (exposure to MitM attacks) and the use of default credentials that allow SSH access."
"In a security advisory published this week, Gardyn informed customers that it has released patches for Gardyn Home and Gardyn Studio. The fixes include mobile app updates and smart garden firmware updates, which should have already been installed by most users considering that firmware is automatically updated when an internet connection is available."
Gardyn smart hydroponic gardens were affected by security flaws that could enable remote exploitation. The two critical vulnerabilities were a command injection flaw allowing arbitrary OS command execution and hardcoded admin credentials granting full device control. The two high-severity flaws involved cleartext transmission of sensitive data, which exposed it to man-in-the-middle attacks, and default SSH credentials. Approximately 138,000 devices were affected. Gardyn released patches through automatic firmware updates and mobile app updates. The vendor stated that there was no evidence of active exploitation and that payment information was not exposed.
Read at SecurityWeek