Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

26 matches found

RedhatCVE
RedhatCVEadded 2025/12/11 5:3 a.m.5 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS6.8AI score0.00035EPSS
Exploits1References1
EUVD
EUVDadded 2025/12/11 12:30 a.m.4 views

EUVD-2025-202609

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS7.6AI score0.00061EPSS
Exploits1References2
EUVD
EUVDadded 2025/12/11 12:30 a.m.0 views

EUVD-2025-202635

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

7.5CVSS6.3AI score0.00023EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/12/11 12:3 a.m.23 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

9.8CVSS7.2AI score0.01187EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/12/11 12:3 a.m.9 views

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS8.1AI score0.00061EPSS
Exploits1References1
NVD
NVDadded 2025/12/10 10:16 p.m.2 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

7.5CVSS0.00023EPSS
Exploits0References1
OSV
OSVadded 2025/12/10 10:16 p.m.2 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS5.8AI score0.00035EPSS
Exploits1References1
OSV
OSVadded 2025/12/10 10:16 p.m.1 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

7.5CVSS5.8AI score0.00023EPSS
Exploits0References1
OSV
OSVadded 2025/12/10 10:16 p.m.7 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.5CVSS5.8AI score0.00038EPSS
Exploits1References1
OSV
OSVadded 2025/12/10 10:16 p.m.2 views

CVE-2025-65293

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

6.6CVSS6AI score0.00081EPSS
Exploits1References1
OSV
OSVadded 2025/12/10 10:16 p.m.2 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

7.4CVSS5.8AI score0.00024EPSS
Exploits1References1
OSV
OSVadded 2025/12/10 10:16 p.m.1 views

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS6.1AI score0.00061EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2025/12/10 12:0 a.m.1 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

6.5AI score0.00027EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/12/10 12:0 a.m.18 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

0.00024EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/12/10 12:0 a.m.18 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

0.01187EPSS
Exploits1References2
CVE
CVEadded 2025/12/10 12:0 a.m.18 views

CVE-2025-65292

CVE-2025-65292 describes a command-injection vulnerability in Aqara Hub devices: Camera Hub G3 (4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). The root cause is command injection via malicious domain names, enabling an attacker with local access and low privileges to run commands with...

7.3CVSS7.7AI score0.00061EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2025/12/10 12:0 a.m.16 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

0.00023EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/12/10 12:0 a.m.19 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

0.00038EPSS
Exploits1References1
CVE
CVEadded 2025/12/10 12:0 a.m.19 views

CVE-2025-65297

The CVE-2025-65297 entry covers Aqara Hub devices (Camera Hub G3 4.1.9_0027; Hub M2 4.3.6_0027; Hub M3 4.3.6_0025) that automatically collect and upload unencrypted sensitive information without disclosure or consent. The connected sources corroborate the same description across Red Hat/CIRA ENIS...

7.5CVSS6.5AI score0.00023EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2025/12/10 12:0 a.m.4 views

PT-2025-50548

Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices automatically collect and upload sensitive information in an unencrypted format. This data collection and...

7.5CVSS6.4AI score0.00023EPSS
Exploits0References5
Rows per page
Query Builder