Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NAqara Camera Hub G3
HWAqarawszystkie wersjeAqara Camera Hub G3 Firmware
OSAqara4.1.9_0027Aqara Hub M2
HWAqarawszystkie wersjeAqara Hub M2 Firmware
OSAqara4.3.6_0027Aqara Hub M3
HWAqarawszystkie wersjeAqara Hub M3 Firmware
OSAqara4.3.6_0025
Related vulnerabilities
Aqara Hub β nieudokumentowany mechanizm zdalnego wykonania poleceΕ (RCE)
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, an...
Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate se...
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_00...
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically c...