HIGH🇬🇧 English

CVE-2025-65291

CVSS 7.4v3.1pub. 2025-12-10upd. 2026-01-15

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Aqara Camera Hub G3

    HW
    Aqara
    wszystkie wersje
  • Aqara Camera Hub G3 Firmware

    OS
    Aqara
    4.1.9_0027
  • Aqara Hub M2

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M2 Firmware

    OS
    Aqara
    4.3.6_0027
  • Aqara Hub M3

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M3 Firmware

    OS
    Aqara
    4.3.6_0025
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-65294CRITICAL9.8PL ✓ten sam produkt

Aqara Hub — nieudokumentowany mechanizm zdalnego wykonania poleceń (RCE)

CVE-2025-65292HIGH7.3ten sam produkt

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, an...

CVE-2025-65290HIGH7.4ten sam produkt

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validat...

CVE-2025-65295HIGH8.1ten sam produkt

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_00...

CVE-2025-65297HIGH7.5ten sam produkt

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically c...