POC详情: 4fa345ae088aa8c29be7c044da1c85535df31087

来源
https://github.com/mselbrede/gardyn
关联漏洞
标题: Gardyn 4 安全漏洞 (CVE-2025-29628)
描述:Gardyn 4是美国Gardyn公司的一种家用垂直水培种植系统。 Gardyn 4存在安全漏洞,该漏洞源于请求处理不当,可能导致信息泄露和执行任意代码。
描述
CVE-2025-29628, CVE-2025-29629, CVE-2025-29630, CVE-2025-29631
介绍
## Summary

In February 2025 I conducted security research on a Gardyn Home 4.0 device. During my research, I discovered multiple vulnerabilities and poor security practices. By leveraging these vulnerabilities an attacker may be able to gain system level access to a Gardyn device and use it to stage further attacks against the local area network it is connected to. An attacker may also use this access to affect the normal operation of the device, including damaging the plants being grown in the device and the device itself.

This repository contains the technical details and status for a collection of vulnerabilities in the Gardyn hydroponics garden. This information is being released with the purpose if informing consumers with unresolved issues in the security of the Gardyn product. 

## Disclosure Timeline

2025-02-21 - Initial contact with vendor attempted.
2025-02-26 - Contact made with vendor sales team.
2025-04-07 - Contact made with vendor technical representative. Technical details of all vulnerabilities disclosed.
2025-06-14 - Follow up attempted with vendor regarding existing vulnerabilties.



*as of 2025-07-04*

| **CVE**        | **Issue**                | **Status**                                                                                                           |
| -------------- | ------------------------ | -------------------------------------------------------------------------------------------------------------------- |
| CVE-2025-29629 | Weak Default Credentials | The credentials are still the same, but password authentication has been disabled for SSH                            |
| CVE-2025-29630 | SSH Key Backdoor         | An SSH authorized key still exists but has been scrubbed of personally identifying information of a Gardyn Employee. |
| CVE-2025-29628 | Full device takeover     | Unpatched                                                                                                            |
| CVE-2025-29631 | Command Injection        | Unpatched                                                                                                            |
文件快照

 [4.0K]  /data/pocs/4fa345ae088aa8c29be7c044da1c85535df31087
├── [5.1K]  CVE-2025-29628_CVE-2025-29631.md
├── [ 681]  CVE-2025-29629.md
├── [ 694]  CVE-2025-29630.md
├── [1.0K]  LICENSE
├── [2.1K]  README.md
└── [ 35K]  run_cli.png

0 directories, 6 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。