Impact
The vulnerability is a publicly listable Azure Blob Storage container that holds device logs for Gardyn devices. Because authentication requirements are missing, an attacker can enumerate and download any log file, potentially exposing operational data, credentials, or configuration details. This information‑disclosure weakness is classified as CWE‑497 and can compromise the confidentiality of user data while providing an attacker with a foundation for further targeted attacks.
Affected Systems
The flaw affects Gardyn products that use Azure Blob Storage for logging, specifically the Gardyn Cloud API, Gardyn Home Firmware, and Gardyn Studio Firmware. No version data is provided, so any current deployment of these products could be impacted until the vendor's fix is applied.
Risk and Exploitability
With a CVSS score of 6.9, the risk is moderate, yet the ease of exploitation is high: the container is reachable over the internet and requires no authentication. Exploitation would allow an attacker to retrieve log files without interacting with the device directly. The EPSS score is not available and the vulnerability is not listed in KEV, indicating no publicly documented exploit at this time. The vulnerability can be exploited entirely remotely and is likely to remain exploitable until updated firmware or infrastructure changes are deployed.
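A defensive check for the misconfiguration class described above, as an added example rather than code from Gardyn or OpenCVE: it reads JSON shaped like the output of `az storage account show` and `az storage container list` and flags containers whose anonymous access level permits listing. The account and container names are constructed sample data, and the severity labels are this example's own convention.

```python
import json

# Constructed sample data, shaped like Azure CLI JSON output.
# Account and container names are hypothetical.
SAMPLE_ACCOUNT = json.loads('{"name": "examplelogs", "allowBlobPublicAccess": true}')
SAMPLE_CONTAINERS = json.loads("""[
  {"name": "device-logs", "properties": {"publicAccess": "container"}},
  {"name": "firmware",    "properties": {"publicAccess": "blob"}},
  {"name": "internal",    "properties": {"publicAccess": null}}
]""")


def audit_public_access(account, containers):
    """Return one finding per container that has an anonymous access level set."""
    # Only an explicit false at account level blocks anonymous access;
    # a missing or null value is treated here as "not disabled".
    account_allows = account.get("allowBlobPublicAccess") is not False
    findings = []
    for container in containers:
        level = (container.get("properties") or {}).get("publicAccess")
        if not level or str(level).lower() in ("none", "off"):
            continue  # private container
        level = str(level).lower()
        listable = level == "container"  # anonymous list and read
        if not account_allows:
            severity = "info"    # set on the container, blocked by the account
        elif listable:
            severity = "high"    # anyone can enumerate and download blobs
        else:
            severity = "medium"  # anyone can read a blob whose name they know
        findings.append({
            "container": container["name"],
            "level": level,
            "listable": listable,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_public_access(SAMPLE_ACCOUNT, SAMPLE_CONTAINERS):
        print("{severity:6} {container} (publicAccess={level})".format(**finding))
```
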