CVE-2025-65293

Medium CVSS: 6.6

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.

Vendor

Aqara

Product

Camera Hub G3 Firmware

CWE

CWE-77

Yayın Tarihi

2025-12-10 22:16:26

Güncelleme

2025-12-17 19:52:09

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Camera Hub G3 Firmware MEDIUM Aqara 2025

Referanslar

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/QR-Command-Injection.md

Benzer Kayıtlar

Critical

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented r…

High

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hu…

Medium

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in…

High

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and…

High

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server c…

High

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certi…