CVE-2025-10681— Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-10681
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
Source: NVD (National Vulnerability Database)
Vulnerability Description
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gardyn Home Kit Cloud API和Gardyn Mobile Application 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gardyn Home Kit Cloud API和Gardyn Mobile Application都是美国Gardyn公司的产品。Gardyn Home Kit Cloud API是一个室内水培种植系统。Gardyn Mobile Application是一款手机控制应用。 Gardyn Home Kit Cloud API和Gardyn Mobile Application存在信任管理问题漏洞,该漏洞源于移动应用和设备固件中硬编码存储凭据,可能导致未经授权访问生产存储容器。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Gardyn | Mobile Application | 0 ~ 2.11.0 | - | |
| Gardyn | Cloud API | 0 ~ 2.12.2026 | - |
II. Public POCs for CVE-2025-10681
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-10681
请登录查看更多情报信息。
Same Patch Batch · Gardyn · 2026-04-03 · 6 CVEs total
| CVE-2026-28766 | 9.3 CRITICAL | Gardyn Cloud API Missing Authentication for Critical Function |
| CVE-2026-25197 | 9.1 CRITICAL | Gardyn Cloud API Authorization Bypass Through User-Controlled Key |
| CVE-2026-32646 | 7.5 HIGH | Gardyn Cloud API Missing Authentication for Critical Function |
| CVE-2026-32662 | 5.3 MEDIUM | Gardyn Cloud API Active Debug Code |
| CVE-2026-28767 | 5.3 MEDIUM | Gardyn Cloud API Missing Authentication for Critical Function |
IV. Related Vulnerabilities
Same vendor: Gardyn
- CVE-2026-25197
Gardyn Cloud API Authorization Bypass Through User-Controlle - CVE-2026-28766
Gardyn Cloud API Missing Authentication for Critical Functio - CVE-2026-28767
Gardyn Cloud API Missing Authentication for Critical Functio - CVE-2026-32646
Gardyn Cloud API Missing Authentication for Critical Functio - CVE-2026-32662
Gardyn Cloud API Active Debug Code
Same weakness: CWE-798
- CVE-2026-7414
Hardcoded credentials in Yarbo robot firmware - CVE-2026-8032
PicoTronica e-Clinic Healthcare System ECHS echs.js hard-cod - CVE-2026-32834
Easy PayPal Events & Tickets 1.3 Authentication Bypass via Q - CVE-2026-42376
D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials - CVE-2026-42375
D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
V. Comments for CVE-2025-10681
No comments yet