CVE-2025-65293

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

PT-2025-50542

Name of the Vulnerable Software and Affected Versions Aqara Camera Hub G3 version 4.1.9 0027 Description The Aqara Camera Hub G3 contains command injection flaws. Successful exploitation allows attackers to execute arbitrary commands with root privileges. This is achieved by providing malicious Q...

CVE-2025-65293

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

CVE-2025-65297

The CVE-2025-65297 entry covers Aqara Hub devices (Camera Hub G3 4.1.9_0027; Hub M2 4.3.6_0027; Hub M3 4.3.6_0025) that automatically collect and upload unencrypted sensitive information without disclosure or consent. The connected sources corroborate the same description across Red Hat/CIRA ENIS...

PT-2025-50509

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality,...

PT-2025-50547

Name of the Vulnerable Software and Affected Versions Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Aqara Camera Hub G3 version 4.1.9 0027 Description The software contains NULL-pointer dereference issues in the JSON processing component. These issues can be exploited by providi...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from a failure to verify signatures during firmware updates, which could lead to the installation of malicious firmware. The following products and...

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from an undocumented remote access mechanism that could lead to remote command execution. The following products and versions are affected: the Camer...

PT-2025-50362

Name of the Vulnerable Software and Affected Versions CCTV affected versions not specified Description A malicious actor can access camera configuration information, including account credentials, without authentication by accessing a vulnerable URL. This flaw potentially risks video feed hijack...

PT-2025-50536

Name of the Vulnerable Software and Affected Versions Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Aqara Camera Hub G3 version 4.1.9 0027 Description Aqara Hub devices do not properly validate server certificates during TLS connections used for discovery services and CoAP gatew...

PT-2025-50543

Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices have an undocumented remote access mechanism that allows unrestricted remote command execution...

CVE-2025-65296

CVE-2025-65296 affects Aqara Hub M2 (version 4.3.6_0027), Aqara Hub M3 (4.3.6_0025), and Aqara Camera Hub G3 (4.1.9_0027). The issue is a NULL-pointer dereference in the JSON processing component, which enables denial-of-service attacks via malformed JSON inputs. Public details consistently descr...

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products, which stems from a malicious domain name that results in command injection, which could lead to the execution of arbitrary commands. The following products and...

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from the presence of a null pointer dereference in JSON processing, which could lead to a denial of service attack. The following products and versio...

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

CVE-2025-65292

CVE-2025-65292 describes a command-injection vulnerability in Aqara Hub devices: Camera Hub G3 (4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). The root cause is command injection via malicious domain names, enabling an attacker with local access and low privileges to run commands with...

CVE-2025-65294

The vulnerability CVE-2025-65294 affects Aqara Hub devices: Camera Hub G3 (version 4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). Connected documents describe an undocumented remote access mechanism that enables unrestricted remote command execution, i.e., attacker-controlled commands...

PT-2025-50548

Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices automatically collect and upload sensitive information in an unencrypted format. This data collection and...