Lucene search
K

9 matches found

EUVD
EUVD
added 2025/12/11 12:30 a.m.6 views

EUVD-2025-202611

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

7.4CVSS6.4AI score0.0016EPSS
Exploits1References2
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

7.4CVSS5.8AI score0.0016EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.5 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

6.6AI score0.0016EPSS
Exploits1References1
CVE
CVE
added 2025/12/10 12:0 a.m.24 views

CVE-2025-65290

CVE-2025-65290 affects Aqara Hub devices: Camera Hub G3 (version 4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). Root cause: failure to validate server certificates during HTTPS firmware downloads, enabling a man‑in‑the‑middle to intercept update traffic and potentially serve modified ...

7.4CVSS6.6AI score0.0016EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-18742

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00381EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/08 4:9 p.m.10 views

CVE-2025-53520 EG4 Electronics EG4 Inverters Download of Code Without Integrity Check

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center remote, cloud-connected interface or via a serial connection, and can install these files without integrity checks. The TTComp archive format...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
added 2025/06/20 2:15 p.m.6 views

CVE-2025-32880

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks...

9.8CVSS0.00381EPSS
Exploits1References3
CVE
CVE
added 2025/06/20 12:0 a.m.21 views

CVE-2025-32880

The CVE-2025-32880 entry concerns COROS PACE 3 devices (through 3.0808.0) where WLAN-based firmware downloads occur over HTTP, unencrypted, enabling sniffing and man-in-the-middle attacks. Affected component is the WLAN firmware update/download flow; root cause is lack of encryption in the HTTP t...

9.8CVSS7.3AI score0.00381EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.2 views

YingSheng Wear Sync 安全漏洞

YingSheng Wear Sync is a mobile application for connecting smart devices from YingSheng China. A security vulnerability exists in YingSheng Wear Sync v1.2.0, which stems from incorrect access control during firmware updates and downloads...

8.4CVSS6.8AI score0.00202EPSS
Exploits0References2
Rows per page
Query Builder