CVE-2025-1242
Administrative Credential Exposure in Gardyn IoT Hub via API and Firmware
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gardyn | gardyn_home | From 619 (inc) |
| gardyn | gardyn_mobile_app | From 2.11.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the exposure of administrative credentials through multiple attack vectors including application API responses, reverse engineering of the mobile application, and reverse engineering of the device firmware.
An attacker exploiting this vulnerability could gain full administrative access to the Gardyn IoT Hub, which controls connected devices.
This means unauthorized users could potentially control the IoT devices managed by the Gardyn system.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to take full administrative control of the Gardyn IoT Hub.
- Remote control of connected devices such as altering lighting or watering schedules.
- Access to plant photos and limited personal information including name, address, phone number, and email address.
There was no exposure of app login credentials or home network Wi-Fi passwords, but users concerned about network security were advised to reset their Wi-Fi passwords as a precaution.
The vulnerability has been fully remediated with security updates that are automatically installed when devices connect to the Internet.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for exposure of administrative credentials through application API responses, mobile application reverse engineering, or device firmware reverse engineering.
Users can verify if their Gardyn devices are running the patched firmware version 619 or later and if the Gardyn mobile app is updated to version 2.11.0 or later by checking the app under Settings β Advanced.
No specific network or system commands are provided in the available resources to detect this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that Gardyn devices are connected to the Internet to receive automatic firmware updates to version 619 or later.
Users should update the Gardyn mobile app to version 2.11.0 or later.
As a precaution, customers concerned about network exposure are advised to reset their Wi-Fi passwords.
Users can verify device and app versions via the Gardyn mobile app under Settings β Advanced.