Lucene search
K

211 matches found

OSV
OSV
added 2025/12/10 10:16 p.m.10 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.5CVSS5.8AI score0.00263EPSS
Exploits1References1
NVD
NVD
added 2025/12/10 10:16 p.m.5 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.5CVSS0.00263EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.5 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1CVSS5.8AI score0.00204EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

7.4CVSS5.8AI score0.0016EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS6.1AI score0.0071EPSS
Exploits1References1
NVD
NVD
added 2025/12/10 10:16 p.m.6 views

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

7.3CVSS0.0071EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.4 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

6.5AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/12/10 12:0 a.m.31 views

CVE-2025-65292

CVE-2025-65292 describes a command-injection vulnerability in Aqara Hub devices: Camera Hub G3 (4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). The root cause is command injection via malicious domain names, enabling an attacker with local access and low privileges to run commands with...

7.3CVSS7.7AI score0.0071EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from a failure to verify signatures during firmware updates, which could lead to the installation of malicious firmware. The following products and...

8.1CVSS6.6AI score0.00204EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from an undocumented remote access mechanism that could lead to remote command execution. The following products and versions are affected: the Camer...

9.8CVSS7AI score0.00858EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.6 views

Aqara Camera Hub G3 安全漏洞

Aqara Camera Hub G3 is a smart surveillance camera from Aqara USA. A security vulnerability exists in Aqara Camera Hub G3 version 4.1.90027, Hub M2 version 4.3.60027, and Hub M3 version 4.3.60025, which stems from the failure to validate server certificates during HTTPS firmware downloads, which...

7.4CVSS6.6AI score0.0016EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.6 views

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products, which stems from the automatic collection and uploading of unencrypted sensitive information. The following products and versions are affected: the Camera Hub ...

7.5CVSS6.6AI score0.0017EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.3 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

6.5AI score0.0016EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.8 views

PT-2025-50541

Name of the Vulnerable Software and Affected Versions Aqara Hub devices versions 4.1.9 0027, 4.3.6 0027, and 4.3.6 0025 Description A command injection issue exists in Aqara Hub devices, including Camera Hub G3, Hub M2, and Hub M3. This allows attackers to execute arbitrary commands with root...

7.3CVSS7.9AI score0.0071EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.9 views

PT-2025-50547

Name of the Vulnerable Software and Affected Versions Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Aqara Camera Hub G3 version 4.1.9 0027 Description The software contains NULL-pointer dereference issues in the JSON processing component. These issues can be exploited by providi...

6.5CVSS6.5AI score0.00263EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.5 views

PT-2025-50543

Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices have an undocumented remote access mechanism that allows unrestricted remote command execution...

9.8CVSS6.8AI score0.00858EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.2 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

6.7AI score0.00263EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.3 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

7AI score0.00858EPSS
Exploits1References2
CVE
CVE
added 2025/12/10 12:0 a.m.35 views

CVE-2025-65294

The vulnerability CVE-2025-65294 affects Aqara Hub devices: Camera Hub G3 (version 4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). Connected documents describe an undocumented remote access mechanism that enables unrestricted remote command execution, i.e., attacker-controlled commands...

9.8CVSS7AI score0.00858EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/12/10 12:0 a.m.30 views

CVE-2025-65296

CVE-2025-65296 affects Aqara Hub M2 (version 4.3.6_0027), Aqara Hub M3 (4.3.6_0025), and Aqara Camera Hub G3 (4.1.9_0027). The issue is a NULL-pointer dereference in the JSON processing component, which enables denial-of-service attacks via malformed JSON inputs. Public details consistently descr...

6.5CVSS6.7AI score0.00263EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder