Browse all 10 CVE security advisories affecting arduino. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Arduino serves as an open-source electronics platform for creating interactive projects, widely used in prototyping and educational environments. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure web interfaces and default credentials. While not a primary target for sophisticated attacks, its accessibility makes it susceptible to exploitation in IoT deployments. Notable incidents involve compromised devices being used in botnets or for unauthorized data collection. The platform's simplicity and widespread adoption present security challenges, particularly when deployed without proper hardening. Users must remain vigilant about potential vulnerabilities, especially in internet-connected implementations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-49296 | Arduino Create Agent vulnerable to Reflected Cross-Site Scripting — arduino-create-agentCWE-79 | 6.3 | Medium | 2023-12-13 |
| CVE-2023-43800 | Insufficient Verification of Data Authenticity in Arduino Create Agent — arduino-create-agentCWE-345 | 7.3 | High | 2023-10-18 |
| CVE-2023-43801 | Path traversal in Arduino Create Agent — arduino-create-agentCWE-22 | 6.1 | Medium | 2023-10-18 |
| CVE-2023-43802 | Path traversal in Arduino Create Agent — arduino-create-agentCWE-22 | 7.1 | High | 2023-10-18 |
| CVE-2023-43803 | Path traversal in Arduino Create Agent — arduino-create-agentCWE-22 | 6.1 | Medium | 2023-10-18 |
This page lists every published CVE security advisory associated with arduino. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.