Home / Vulnerability Intelligence / CVE-2026-28520

CVE-2026-28520 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 17, 2026

arduino-TuyaOpen - Remote Code Execution

Published: March 16, 2026Updated: March 17, 2026

Overview

arduino-TuyaOpen < 1.2.1 contains a buffer overflow caused by improper handling in the WiFiMulti component, letting attackers execute arbitrary code when the device connects to a malicious AP hotspot.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 1.3%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code on the embedded device, potentially taking full control.

Mitigation

Upgrade to version 1.2.1 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 16, 2026

🟠 CVE-2026-28520 - High (8.4) arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28520/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-28520
Severity: High
CVSS Score: 8.4
Type: buffer_overflow
Status: confirmed
EPSS: 1.3%
Social Posts: 1

CWE

CWE-193

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.3%Probability of exploitation in the next 30 days