CVE-2025-65294

Critical CVSS: 9.8

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.

Vendor

Aqara

Product

Hub M2 Firmware

CWE

CWE-94

Yayın Tarihi

2025-12-10 22:16:27

Güncelleme

2025-12-17 19:51:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Hub M2 Firmware CRITICAL Aqara 2025

Referanslar

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/QR-Command-Injection.md https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/Undocumented-Remote-Execution.md

Benzer Kayıtlar

High

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hu…

Medium

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in…

High

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and…

High

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server c…

High

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certi…

High

CVE-2025-65292

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4…