HIGH🇵🇱 Wersja polska

CVE-2025-65297

CVSS 7.5v3.1pub. 2025-12-10upd. 2025-12-19

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Aqara Camera Hub G3

    HW
    Aqara
    wszystkie wersje
  • Aqara Camera Hub G3 Firmware

    OS
    Aqara
    4.1.9_0027
  • Aqara Hub M2

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M2 Firmware

    OS
    Aqara
    4.3.6_0027
  • Aqara Hub M3

    HW
    Aqara
    wszystkie wersje
  • Aqara Hub M3 Firmware

    OS
    Aqara
    4.3.6_0025
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-65294CRITICAL9.8PL ✓ten sam produkt

Aqara Hub — nieudokumentowany mechanizm zdalnego wykonania poleceń (RCE)

CVE-2025-65295HIGH8.1ten sam produkt

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_00...

CVE-2025-65291HIGH7.4ten sam produkt

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate se...

CVE-2025-65292HIGH7.3ten sam produkt

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, an...

CVE-2025-65290HIGH7.4ten sam produkt

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validat...