CVE-2025-1242 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: February 27, 2026
Gardyn IoT Hub - Authentication Bypass
Overview
Gardyn IoT Hub contains an information disclosure vulnerability: administrative credentials are exposed through API responses, the mobile app, and firmware reverse engineering, letting attackers gain full administrative access. Exploitation requires access to the application or device firmware.
Severity & Score
Impact
Attackers can gain full administrative access, allowing malicious control over connected devices.
Mitigation
Update to the latest version or apply patches that address the credential exposure.
References
Social Media Activity (2 posts)
CVE-2025-1242 - Critical (9.1) The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the G... https://www.thehackerwire.com/vulnerability/CVE-2025-1242/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
GitHub Repositories (3 repos)
Related Resources
Details
- CVE ID: CVE-2025-1242
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_authentication
- Status: unconfirmed
- EPSS: 2.8%
- Social Posts: 2
CWE
- CWE-798
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N