Lucene search
K

19 matches found

NVD
NVD
added 2026/06/12 4:16 p.m.14 views

CVE-2026-50087

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00192EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.15 views

CVE-2026-50089

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

6.1CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.9 views

CVE-2026-50083

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:2 p.m.24 views

CVE-2026-50089 Aqara IAM/SSO Gateway open redirect

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

6.1CVSS0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:2 p.m.13 views

CVE-2026-50089

CVE-2026-50089 affects the Aqara IAM/SSO Gateway (gw-builder.aqara.com) and is described as an open redirect (CWE-601). The issue can be leveraged to conduct phishing via untrusted redirects. According to the sources, the CVSS v3.1 base score is 6.1 (Medium): Attack vector Network, Attack complex...

6.1CVSS5.3AI score0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:2 p.m.9 views

CVE-2026-50089 Aqara IAM/SSO Gateway open redirect

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

6.1CVSS5.3AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 3:2 p.m.9 views

EUVD-2026-36479

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

6.1CVSS5.2AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 3:1 p.m.6 views

EUVD-2026-36477

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS5.2AI score0.00192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.10 views

CVE-2026-50087 Aqara IAM/SSO Gateway cross-origin resource sharing

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:1 p.m.13 views

CVE-2026-50087

Technical details (affected product/version, root cause, remediation) are not publicly available in the provided documents. Monitor for updates.

8.2CVSS5.3AI score0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.24 views

CVE-2026-50087 Aqara IAM/SSO Gateway cross-origin resource sharing

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:1 p.m.11 views

CVE-2026-50086

The CVE-2026-50086 entry concerns the Aqara IAM/SSO gateway (gw-builder.aqara.com), where bidirectional AES round-trups are exposed against the platform's signing key without authentication. This is identified as CWE-306 (Missing Authentication for Critical Function) and CWE-327 (Use of a Broken ...

10CVSS5.3AI score0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.27 views

CVE-2026-50086 Aqara unauthenticated AES oracle

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS0.00222EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 3:0 p.m.9 views

EUVD-2026-36473

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS5.3AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:0 p.m.17 views

CVE-2026-50083

The CVE-2026-50083 entry concerns the Aqara IAM/SSO Gateway (gw-builder.aqara.com) using a hardcoded OAuth client credential (CWE-798). This weak credential could enable a fully unauthenticated, remote takeover when combined with CVE-2026-50082, CVE-50084, and CVE-50085. Documented CVSSv3.1 base ...

9.1CVSS5.4AI score0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:0 p.m.9 views

CVE-2026-50083 Aqara hardcoded OAuth client credentials

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS5.4AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.10 views

PT-2026-48911

Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The Aqara IAM/SSO gateway at 'gw-builder.aqara.com' contains a cross-origin resource sharing issue. This is a permissive cross-domain policy with untrusted domains, which allows...

8.2CVSS5.2AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48913

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

6.1CVSS5.2AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-48907

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS5.4AI score0.00246EPSS
Exploits0References3
Rows per page
Query Builder