HIGH🇬🇧 English

CVE-2025-65295

CVSS 8.1v3.1pub. 2025-12-10upd. 2025-12-17

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Aqara Camera Hub G3

    HW
    Aqara
    wszystkie wersje
  • Aqara Camera Hub G3 Firmware

    OS
    Aqara
    4.1.9_0027
  • Aqara Hub M2

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M2 Firmware

    OS
    Aqara
    4.3.6_0027
  • Aqara Hub M3

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M3 Firmware

    OS
    Aqara
    4.3.6_0025
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-65294CRITICAL9.8PL ✓ten sam produkt

Aqara Hub — nieudokumentowany mechanizm zdalnego wykonania poleceń (RCE)

CVE-2025-65291HIGH7.4ten sam produkt

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate se...

CVE-2025-65297HIGH7.5ten sam produkt

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically c...

CVE-2025-65292HIGH7.3ten sam produkt

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, an...

CVE-2025-65290HIGH7.4ten sam produkt

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validat...