EUVD-2026-12229
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-service condition.
Analysis
Arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in its WiFiUDP component that allows unauthenticated attackers on the same local network to trigger a denial-of-service condition by flooding the device with malicious UDP packets. The vulnerability causes memory exhaustion leading to application crashes; while not actively exploited in the wild (KEV status unknown from provided data), the local network attack vector and high availability impact (CVSS 6.5) warrant prompt patching for affected IoT deployments.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today