9 matches found
EUVD-2025-202611
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...
CVE-2025-65290
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...
CVE-2025-65290
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...
CVE-2025-65290
CVE-2025-65290 affects Aqara Hub devices: Camera Hub G3 (version 4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). Root cause: failure to validate server certificates during HTTPS firmware downloads, enabling a man‑in‑the‑middle to intercept update traffic and potentially serve modified ...
EUVD-2025-18742
Malicious code in bioql PyPI...
CVE-2025-53520 EG4 Electronics EG4 Inverters Download of Code Without Integrity Check
The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center remote, cloud-connected interface or via a serial connection, and can install these files without integrity checks. The TTComp archive format...
CVE-2025-32880
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks...
CVE-2025-32880
The CVE-2025-32880 entry concerns COROS PACE 3 devices (through 3.0808.0) where WLAN-based firmware downloads occur over HTTP, unencrypted, enabling sniffing and man-in-the-middle attacks. Affected component is the WLAN firmware update/download flow; root cause is lack of encryption in the HTTP t...
YingSheng Wear Sync 安全漏洞
YingSheng Wear Sync is a mobile application for connecting smart devices from YingSheng China. A security vulnerability exists in YingSheng Wear Sync v1.2.0, which stems from incorrect access control during firmware updates and downloads...