anonhaven
Ad

CVE-2026-3465

LOW CVSS 4.0: 2.3 EPSS 0.05%
Updated Mar 03, 2026
Parameter Value
CVSS 2.3 (LOW)
Type CWE-404 (Improper Resource Shutdown or Release)
Public PoC No

A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruise_time causes denial of service.

Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitation appears to be difficult.

The exploit has been publicly disclosed and may be utilized. There is ongoing doubt regarding the real existence of this vulnerability. The vendor disagrees with the conclusion of the finding: "The described vulnerability fails to prove its feasibility or exploitability by attackers.

The issue essentially does not constitute a security vulnerability, aligning more closely with abnormal product functionality." These considerations are properly reflected within the CVSS vector.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-404 Improper Resource Shutdown or Release

References 4

https://github.com/deopllj/Device_CVE_Archive/blob/main/Yonganda%20YAD-LOJ%20CV…
cna@vuldb.com
https://vuldb.com/?ctiid.348536
cna@vuldb.com
https://vuldb.com/?id.348536
cna@vuldb.com
https://vuldb.com/?submit.744108
cna@vuldb.com
Share Post Share Share Share