Gardyn Home Kit Administrative Credential Extraction Vulnerability

Vulnerability

A vulnerability in the Gardyn Home Kit ecosystem allows administrative credentials to be extracted. The credentials can be obtained from application API responses, by reverse engineering the mobile application, or by analyzing device firmware. Successful exploitation could grant an attacker full administrative access to the Gardyn IoT Hub, potentially allowing malicious control over connected devices.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access on the Gardyn IoT Hub, allowing control over connected devices.

Remediation

Users are advised to update their Gardyn Home Kit devices to firmware version master.619 or later and to ensure their Gardyn mobile application is updated to version 2.11.0 or later. Further information on Gardyn security can be found on the Gardyn security webpage. For customer support, contact Gardyn at support@mygardyn.com.

Added: Feb 25, 2026, 4:42 PM
Updated: Feb 25, 2026, 4:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.