Tuya App and SDK Denial-of-Service Vulnerability on Android

A denial-of-service vulnerability has been identified in the Tuya App and SDK version 24.07.11 on Android. The issue arises from the JSON Data Point Handler component, where the cruise_time argument can be manipulated, leading to application instability. This vulnerability can be exploited remotely, although the attack's complexity is considered high. The existence of this vulnerability is disputed by the vendor, who claims it does not represent a real security issue but rather an abnormality in product functionality.

Impact

Exploitation of this vulnerability causes the Tuya application to freeze and crash, creating a denial-of-service condition at the application level.

Reproduction

The vulnerability can be reproduced by sending malformed JSON data to a device using the affected version of the Tuya App or SDK. This malformed data should be directed to Data Point ID 177, which corresponds to the cruise_time parameter. Once the malformed data is accepted and stored by the device, accessing the Cruise Time configuration page in the Tuya App will trigger the application to freeze and crash, demonstrating the denial-of-service condition.