IM
IronMonkey Threat Research

CVE-2025-29629 CRITICAL

Published: 2025-07-25 | Last Modified: 2026-04-15 | Status: Deferred

Description

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

Additional Descriptions (1)

Un problema en Gardyn 4 permite que un atacante remoto obtenga información confidencial y ejecute código arbitrario a través del componente Gardyn Home

CVSS Metrics

Base Score: 9.1 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactNONE

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 5.2

Weaknesses

Source Type Description
[email protected] Primary
en CWE-1392
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-94
en CWE-200
Notification
Message here