ГлавнаяУязвимости → CVE-2025-65290
7.4высокая

CVE-2025-65290

Описание

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files.

Затрагиваемое ПО
Aqara Hub m2 firmwareAqara Hub m2Aqara Hub m3 firmwareAqara Hub m3Aqara Camera hub g3 firmwareAqara Camera hub g3
CVSS
Балл7.4 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/OTA-Certificate-Validation-Bypass.md