CVE-2025-65291

High CVSS: 7.4

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.

Vendor

Aqara

Product

Hub M2 Firmware

CWE

CWE-295

Yayın Tarihi

2025-12-10 22:16:26

Güncelleme

2026-01-15 17:04:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-295 Hub M2 Firmware HIGH Aqara 2025

Referanslar

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/CoAP-Certificate-Validation-Bypass.md

Benzer Kayıtlar

Critical

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented r…

High

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hu…

Medium

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in…

High

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and…

High

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server c…

High

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4…