CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/12/11 12:30 a.m.•4 views

EUVD-2025-202637

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS6.3AI score0.002EPSS

EUVD•added 2025/12/11 12:30 a.m.•5 views

EUVD-2025-202609

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS7.6AI score0.00697EPSS

EUVD•added 2025/12/11 12:30 a.m.•2 views

EUVD-2025-202635

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

7.5CVSS6.3AI score0.00167EPSS

Exploits0References2

RedhatCVE•added 2025/12/11 12:3 a.m.•26 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

9.8CVSS7.2AI score0.00843EPSS

RedhatCVE•added 2025/12/11 12:3 a.m.•10 views

CVE-2025-65292

7.3CVSS8.1AI score0.00697EPSS

OSV•added 2025/12/10 10:16 p.m.•9 views

CVE-2025-65296

6.5CVSS5.8AI score0.00251EPSS

9.8CVSS5.8AI score0.00843EPSS

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

OSV•added 2025/12/10 10:16 p.m.•2 views

CVE-2025-65297

7.5CVSS5.8AI score0.00167EPSS

Exploits0References1

8.1CVSS5.8AI score0.002EPSS

CVE-2025-65295

NVD•added 2025/12/10 10:16 p.m.•4 views

CVE-2025-65297

7.5CVSS0.00167EPSS

Exploits0References1

NVD•added 2025/12/10 10:16 p.m.•4 views

CVE-2025-65296

6.5CVSS0.00251EPSS

7.3CVSS6.1AI score0.00697EPSS

CVE-2025-65292

7.4CVSS5.8AI score0.00157EPSS

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

NVD•added 2025/12/10 10:16 p.m.•5 views

CVE-2025-65292

7.3CVSS0.00697EPSS

CNNVD•added 2025/12/10 12:0 a.m.•4 views

Aqara多款产品安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products, which stems from the automatic collection and uploading of unencrypted sensitive information. The following products and versions are affected: the Camera Hub ...

7.5CVSS6.6AI score0.00167EPSS

Exploits0References2

Positive Technologies•added 2025/12/10 12:0 a.m.•5 views

PT-2025-50548

Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices automatically collect and upload sensitive information in an unencrypted format. This data collection and...

7.5CVSS6.4AI score0.00167EPSS

Exploits0References5

Cvelist•added 2025/12/10 12:0 a.m.•20 views

CVE-2025-65296

0.00251EPSS

Cvelist•added 2025/12/10 12:0 a.m.•20 views

CVE-2025-65290

0.00157EPSS

Vulnrichment•added 2025/12/10 12:0 a.m.•2 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

6.5AI score0.00157EPSS