Lucene search
K

37 matches found

RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.9 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS6.8AI score0.00204EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/11 12:30 a.m.6 views

EUVD-2025-202609

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS7.6AI score0.0071EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/11 12:30 a.m.4 views

EUVD-2025-202635

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

7.5CVSS6.3AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/11 12:30 a.m.6 views

EUVD-2025-202636

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.5CVSS6.5AI score0.00263EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.29 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

9.8CVSS7.2AI score0.00858EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.12 views

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS8.1AI score0.0071EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

9.8CVSS5.8AI score0.00858EPSS
Exploits1References2
OSV
OSV
added 2025/12/10 10:16 p.m.5 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS5.8AI score0.00204EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

7.5CVSS5.8AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 10:16 p.m.6 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

7.5CVSS0.0017EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 10:16 p.m.10 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.5CVSS5.8AI score0.00263EPSS
Exploits1References1
NVD
NVD
added 2025/12/10 10:16 p.m.5 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.5CVSS0.00263EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

7.4CVSS5.8AI score0.0016EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS6.1AI score0.0071EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65293

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

6.6CVSS6AI score0.00979EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.4 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

6.5AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.21 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

0.0016EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.7 views

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products, which stems from unvalidated server certificates in a TLS connection and could lead to a man-in-the-middle attack. The following products and versions are...

7.4CVSS6.6AI score0.0016EPSS
Exploits1References2
CVE
CVE
added 2025/12/10 12:0 a.m.31 views

CVE-2025-65292

CVE-2025-65292 describes a command-injection vulnerability in Aqara Hub devices: Camera Hub G3 (4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). The root cause is command injection via malicious domain names, enabling an attacker with local access and low privileges to run commands with...

7.3CVSS7.7AI score0.0071EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from the presence of a null pointer dereference in JSON processing, which could lead to a denial of service attack. The following products and versio...

6.5CVSS6.5AI score0.00263EPSS
Exploits1References2
Rows per page
Query Builder