{
  "repository": "vendor-firmware:Cudy LT300 V3",
  "commit_source": "firmware_release_metadata_and_hashes",
  "commit_sha": null,
  "submitted_target": {
    "target_kind": "firmware_release",
    "version": "LT300V3-R100-2.4.5-20250519-131314",
    "ref": "https://www.cudy.com/cdn/shop/files/LT300V3-R100-2.4.5-20250519-131314-flash.zip?v=10842839406105661888",
    "display": "Cudy LT300 V3 firmware 2.4.5 vulnerable target",
    "firmware_sha256": "c414fd3e6310ebcfed27b6fc7eed11c406e2a468c58f2574f4884690b2c7d868",
    "rom_version": "2.4.5-20250519-131314"
  },
  "variant_target": {
    "target_kind": "firmware_release",
    "version": "LT300V3-R100-2.5.12-20260518-234632",
    "ref": "https://www.cudy.com/cdn/shop/files/LT300V3-R100-2.5.12-20260518-234632-flash.zip?v=5761387538079304484",
    "display": "Cudy LT300 V3 firmware 2.5.12 fixed/control target",
    "firmware_sha256": "8d0e515a0e68cefc3658e66d38ca84f69fe1591a5fa8e3abcb9880d170cfaebf",
    "rom_version": "2.5.12-20260518-234632"
  },
  "notes": "No git commit is available for vendor firmware. Source identity is captured by firmware release filenames, /etc/rom_version values, firmware zip SHA-256 hashes, and handler bytecode SHA-256 hashes in bundle/logs/vuln_variant/product/code_identity.txt. The validation verdict is not a confirmed fixed-version bypass, but this identity file is provided because a distinct vulnerable-version alternate trigger was runtime-backed."
}
