Gardyn Hard-Coded Credential Vulnerability in Mobile Application and Device Firmware
Vulnerability
The Gardyn mobile application and device firmware contain hard-coded storage credentials that do not properly restrict user permissions and do not expire in a timely manner. This issue could allow unauthorized access to production storage containers. The vulnerability affects the Gardyn Home Kit and Gardyn Studio, specifically mobile application versions prior to 2.11.0 and cloud API versions prior to 2.12.2026.
Impact
Exploitation of this vulnerability could enable unauthorized users to access and control Gardyn edge devices, retrieve cloud-based user information, and disrupt connected devices within the Gardyn ecosystem.
Remediation
Users are advised to update their Gardyn mobile application to version 2.11.0 or later and ensure their Gardyn Home Kit or Studio devices are running firmware version master.622 or later. For assistance, contact Gardyn support.
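An added example, not part of the advisory or of Gardyn's code: a build-time check for the pattern described under Vulnerability, a storage credential embedded in a shipped artifact with broad permissions or a distant expiry. It assumes the credential is a signed URL in the Azure SAS query format (`sp`, `se`, `sig`), which the advisory does not state; the policy limits and the sample string are constructed.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Assumption: tokens use the Azure SAS query format (sp=permissions,
# se=expiry, sig=signature). The advisory does not name the storage service.
TOKEN_RE = re.compile(r"[A-Za-z0-9%&=._:+/-]*\bsig=[A-Za-z0-9%&=._:+/-]+")
MAX_LIFETIME = timedelta(hours=1)   # assumed policy, tune to your own
ALLOWED_PERMS = set("r")            # assumed policy: read-only

# Constructed sample source text, not taken from any Gardyn build.
SAMPLE = '''
const UPLOAD = "https://storage.example.invalid/prod?sv=2020-08-04&sp=rwdl&se=2099-01-01T00:00:00Z&sig=Q09OU1RSVUNURUQ%3D";
const LOGO = "https://storage.example.invalid/static/logo.png";
'''


def parse_expiry(value):
    """Return an aware UTC datetime, or None if missing or unparseable."""
    try:
        dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_text(text, now):
    """Find embedded signed-URL tokens and list what is wrong with each."""
    findings = []
    for match in TOKEN_RE.finditer(text):
        query = parse_qs(match.group(0))
        # Any token found in a shipped file is a finding in itself.
        issues = ["hard-coded in shipped artifact"]
        extra = set(query.get("sp", [""])[0]) - ALLOWED_PERMS
        if extra:
            issues.append("permissions beyond read: " + "".join(sorted(extra)))
        expiry = parse_expiry(query.get("se", [""])[0])
        if expiry is None:
            issues.append("no parseable expiry")
        elif expiry - now > MAX_LIFETIME:
            issues.append("expires in %d days" % (expiry - now).days)
        findings.append((match.start(), issues))
    return findings
```

Run `audit_text` over the text of unpacked app and firmware files in CI and fail the build on any finding; a credential that passes the permission and expiry checks is still reported because it is embedded.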
