
9 matches found

NVD
added 2026/06/12 4:16 p.m., 23 views

CVE-2026-50084

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6 CVSS, 0.00213 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/12 4:16 p.m., 14 views

CVE-2026-50082

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5 CVSS, 0.00219 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/12 3:2 p.m., 20 views

CVE-2026-50090

Technical details about CVE-2026-50090 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected components, impact, and fixes.

9.3 CVSS, 5.3 AI score, 0.00253 EPSS
Exploits: 0, References: 2
EUVD
added 2026/06/12 3:2 p.m., 11 views

EUVD-2026-36480

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

9.3 CVSS, 5.2 AI score, 0.00253 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/06/12 3:1 p.m., 9 views

CVE-2026-50084 Aqara API cross-account access

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6 CVSS, 5.4 AI score, 0.00213 EPSS
Exploits: 0, References: 2
EUVD
added 2026/06/12 3:1 p.m., 10 views

EUVD-2026-36474

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6 CVSS, 5.3 AI score, 0.00219 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/12 12:0 a.m., 21 views

PT-2026-48914

Name of the Vulnerable Software and Affected Versions: Aqara Cloud (affected versions not specified). Description: The OAuth Authorization Endpoint "open-cn.aqara.com/oauth/authorize" is subject to a redirect bypass caused by improper validation of unsafe equivalence in input. This flaw allows for...

9.3 CVSS, 5.2 AI score, 0.00253 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/06/12 12:0 a.m., 39 views

PT-2026-48908

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6 CVSS, 5.3 AI score, 0.00213 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/06/12 12:0 a.m., 13 views

PT-2026-48906

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5 CVSS, 5.4 AI score, 0.00219 EPSS
Exploits: 0, References: 3