Gardyn Home 40 Multiple Vulnerabilities
漏洞信息
漏洞名称: Gardyn Home 4.0 Multiple Vulnerabilities
漏洞编号:
- CVE: CVE-2025-29628, CVE-2025-29629, CVE-2025-29630, CVE-2025-29631
漏洞类型: 其他
漏洞等级: 高危
漏洞描述: Gardyn Home 4.0是一款智能水培花园设备,旨在为用户提供便捷的室内种植解决方案。该设备通常部署在家庭环境中,通过连接本地网络实现远程监控和管理。由于其智能化和网络化的特性,Gardyn Home 4.0在家庭用户中具有一定的普及率。此次披露的漏洞涉及多个安全问题,包括弱默认凭证、SSH密钥后门、设备完全接管和命令注入等。这些漏洞的技术根源主要在于设备的安全配置不当和输入验证不足。例如,弱默认凭证问题源于设备出厂时设置的默认密码强度不足,而命令注入漏洞则是由于系统对用户输入的处理不严格,导致攻击者可以通过构造恶意输入执行任意命令。这些漏洞的存在使得攻击者可能获得设备的系统级访问权限,进而对设备及其连接的本地网络发起进一步攻击。此外,攻击者还可能通过利用这些漏洞干扰设备的正常运行,甚至对设备及其种植的植物造成损害。值得注意的是,部分漏洞如弱默认凭证和SSH密钥后门,虽然厂商已采取了一些措施(如禁用SSH密码认证和清理SSH授权密钥中的个人信息),但问题并未完全解决。而设备完全接管和命令注入漏洞则尚未得到修补,这增加了设备被攻击的风险。
产品厂商: Gardyn
产品名称: Gardyn Home 4.0
来源: https://github.com/mselbrede/gardyn
类型: CVE-2025:github search
仓库文件
- CVE-2025-29628_CVE-2025-29631.md
- CVE-2025-29629.md
- CVE-2025-29630.md
- LICENSE
- README.md
- run_cli.png
来源概述
Summary
In February 2025 I conducted security research on a Gardyn Home 4.0 device. During my research, I discovered multiple vulnerabilities and poor security practices. By leveraging these vulnerabilities an attacker may be able to gain system level access to a Gardyn device and use it to stage further attacks against the local area network it is connected to. An attacker may also use this access to affect the normal operation of the device, including damaging the plants being grown in the device and the device itself.
This repository contains the technical details and status for a collection of vulnerabilities in the Gardyn hydroponics garden. This information is being released with the purpose if informing consumers with unresolved issues in the security of the Gardyn product.
Disclosure Timeline
2025-02-21 - Initial contact with vendor attempted.
2025-02-26 - Contact made with vendor sales team.
2025-04-07 - Contact made with vendor technical representative. Technical details of all vulnerabilities disclosed.
2025-06-14 - Follow up attempted with vendor regarding existing vulnerabilties.
as of 2025-07-04
| CVE | Issue | Status |
|---|---|---|
| CVE-2025-29629 | Weak Default Credentials | The credentials are still the same, but password authentication has been disabled for SSH |
| CVE-2025-29630 | SSH Key Backdoor | An SSH authorized key still exists but has been scrubbed of personally identifying information of a Gardyn Employee. |
| CVE-2025-29628 | Full device takeover | Unpatched |
| CVE-2025-29631 | Command Injection | Unpatched |