IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Gardyn Home Kit (Update B)

CRITICAL
CVSS 9.3
Date 2026-07-02T05:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment.

// Vulnerabilities (10)

CVE ID CVSS Score Severity Description
CVE-2026-28766 9.3 critical
A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.
CVE-2026-28767 5.3 medium
A specific administrative endpoint notifications is accessible without proper authentication.
CVE-2026-32646 7.5 high
A specific administrative endpoint is accessible without proper authentication, exposing device management functions.
CVE-2025-10681 8.6 high
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.
CVE-2026-25197 9.1 critical
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.
CVE-2026-32662 5.3 medium
Development and test API endpoints are present that mirror production functionality.
CVE-2025-29628 8.3 high
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits.
CVE-2025-29629 8.3 high
The Gardyn Home Kit uses weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.
CVE-2025-1242 9.1 critical
The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicious control.
CVE-2025-29631 9.1 critical
The Gardyn Home Kit is vulnerable to command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an attacker to execute arbitrary operating system commands on a target Home Kit.

// Remediations (6)

Mitigation: Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile applic
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation: The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation: Further customer support can be obtained from Gardyn at: [email protected]
Further customer support can be obtained from Gardyn at: [email protected]
Mitigation: Further information on Gardyn security can be found here: https://mygardyn.com/security/
Further information on Gardyn security can be found here: https://mygardyn.com/security/
Mitigation: Gardyn requests that users ensure their devices have Internet connectivity in order to automatically
Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version.
Mitigation: Further customer support can be obtained from Gardyn at: [email protected]
Further customer support can be obtained from Gardyn at: [email protected]

// References