5 matches found
CVE-2026-50085
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
CVE-2026-50085 Aqara Board IoT insecure debug API
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
CVE-2026-50085 Aqara Board IoT insecure debug API
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
EUVD-2026-36475
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
CVE-2026-50085
The CVE-2026-50085 entry concerns the Aqara Board service at op-test.aqara.com. Connected sources provide concrete details: the service accepts arbitrary MQTT command payloads and forwards them to the platform’s HiveMQ broker without authentication, representing CWE-306 Missing Authentication for...