Gardyn Home Kit

Summary

Multiple vulnerabilities in the Gardyn Home Kit, including the mobile application and Cloud API, could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information, and pivot to other edge devices. The vulnerabilities include cleartext transmission of sensitive information, use of default credentials, OS command injection, and use of hard-coded credentials.

IFF Assessment

FOE

Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices.

Severity

9.8 Critical

Defender Context

IoT devices, particularly those used in food and agriculture, are attractive targets. Defenders should ensure that IoT devices are up to date with the latest security patches and should monitor network traffic for suspicious activity related to these devices. Using strong, unique passwords and enforcing multi-factor authentication can also help mitigate the risk of compromise.
