HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-65290

CVSS 7.4v3.1pub. 2025-12-10upd. 2025-12-17

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Aqara Camera Hub G3

    HW
    Aqara
    wszystkie wersje
  • Aqara Camera Hub G3 Firmware

    OS
    Aqara
    4.1.9_0027
  • Aqara Hub M2

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M2 Firmware

    OS
    Aqara
    4.3.6_0027
  • Aqara Hub M3

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M3 Firmware

    OS
    Aqara
    4.3.6_0025
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-65294CRITICAL9.8PL βœ“ten sam produkt

Aqara Hub β€” nieudokumentowany mechanizm zdalnego wykonania poleceΕ„ (RCE)

CVE-2025-65292HIGH7.3ten sam produkt

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, an...

CVE-2025-65291HIGH7.4ten sam produkt

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate se...

CVE-2025-65295HIGH8.1ten sam produkt

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_00...

CVE-2025-65297HIGH7.5ten sam produkt

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically c...

CVE-2025-65290 β€” Aqara β€” Camera Hub G3 β€” HIGH β€” CVSS 7.4 | CVEbaza.pl