Gardyn IoT Hub: Admin Credentials Exposed Through API and Device Access
CVE-2025-1242
Summary
The Gardyn IoT Hub's administrative credentials can be accessed through its API, reverse engineering of the mobile app, or device firmware. This could allow an attacker to take control of connected devices. Users should update their Gardyn IoT Hub software and ensure they use strong, unique passwords for all accounts.
Original description
The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub, exposing connected devices to malicious control.
NVD CVSS 3.1
9.1
NVD CVSS 4.0
9.3
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026