Gardyn Home Kit and Studio Unauthenticated Administrative Endpoint Vulnerability

Vulnerability

A vulnerability exists in the Gardyn Home Kit and Gardyn Studio ecosystems, allowing unauthenticated users to access a specific administrative endpoint for notifications. This endpoint is part of the Gardyn Cloud API and is accessible without proper authentication, potentially leading to unauthorized access and control over connected edge devices. The vulnerability affects several components of the Gardyn ecosystem, including the Gardyn Home Kit firmware, Gardyn Studio firmware, and the Gardyn mobile application versions prior to 2.11.0.

Impact

Exploitation of this vulnerability could allow unauthenticated users to access the administrative notifications endpoint, potentially leading to unauthorized actions or information retrieval related to device management and user notifications.

Remediation

Users are advised to update their Gardyn mobile application to version 2.11.0 or later. For Gardyn Home Kit and Studio devices, ensure that the firmware is updated to version master.622 or later. Connected devices will automatically receive the update when online. For further assistance, contact Gardyn support.
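
The version thresholds above can be checked across a device and handset inventory. The following is an added example, not Gardyn's code or part of the original advisory: it assumes firmware builds are reported as "master.<integer>" (as in "master.622") and app versions as "x.y.z", and the inventory entries are constructed. Versions are compared numerically, since a plain string comparison would rank "2.9.4" above "2.11.0".

```python
import re

# Fixed versions stated in the advisory's Remediation section.
FIXED_APP = (2, 11, 0)
FIXED_FIRMWARE_BUILD = 622

# Assumption: firmware builds look like "master.<integer>" and app versions
# like "x.y.z". Anything else is reported as unknown rather than guessed.
FW_RE = re.compile(r"^master\.(\d+)$")
APP_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def app_is_fixed(version):
    """Return True/False for a parseable app version, None if unparseable."""
    m = APP_RE.match(version.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups()) >= FIXED_APP


def firmware_is_fixed(version):
    """Return True/False for a 'master.N' build, None for any other format."""
    m = FW_RE.match(version.strip())
    if not m:
        return None
    return int(m.group(1)) >= FIXED_FIRMWARE_BUILD


CHECKS = {"app": app_is_fixed, "firmware": firmware_is_fixed}


def triage(inventory):
    """Map each asset name to 'fixed', 'needs-update' or 'unknown'."""
    results = {}
    for name, kind, version in inventory:
        check = CHECKS.get(kind)
        fixed = check(version) if check else None
        if fixed is None:
            results[name] = "unknown"  # review manually
        else:
            results[name] = "fixed" if fixed else "needs-update"
    return results


# Constructed sample inventory: (asset name, kind, reported version).
SAMPLE = [
    ("kitchen-home-kit", "firmware", "master.621"),
    ("office-studio", "firmware", "master.622"),
    ("lab-studio", "firmware", "dev.700"),
    ("phone-a", "app", "2.9.4"),
    ("phone-b", "app", "2.11.0"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```

Assets reported as "unknown" have a version string the script does not recognise and should be checked by hand rather than assumed patched.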

Added: Apr 3, 2026, 9:24 PM
Updated: Apr 3, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 5.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.