Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NAqara Camera Hub G3
HWAqarawszystkie wersjeAqara Camera Hub G3 Firmware
OSAqara4.1.9_0027Aqara Hub M2
HWAqarawszystkie wersjeAqara Hub M2 Firmware
OSAqara4.3.6_0027Aqara Hub M3
HWAqarawszystkie wersjeAqara Hub M3 Firmware
OSAqara4.3.6_0025
Related vulnerabilities
Aqara Hub β nieudokumentowany mechanizm zdalnego wykonania poleceΕ (RCE)
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, an...
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validat...
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_00...
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically c...