CVE-2025-65292

High CVSS: 7.3

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges through malicious domain names.

Vendor

Aqara

Product

Hub M2 Firmware

CWE

CWE-77

Yayın Tarihi

2025-12-10 22:16:26

Güncelleme

2025-12-17 19:55:09

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Hub M2 Firmware HIGH Aqara 2025

Referanslar

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/DNS-Command-Injection.md

Benzer Kayıtlar

Critical

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented r…

High

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hu…

Medium

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in…

High

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and…

High

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server c…

High

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certi…