ГлавнаяУязвимости → CVE-2025-65292
7.3высокая

CVE-2025-65292

Описание

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges through malicious domain names.

Затрагиваемое ПО
Aqara Hub m2 firmwareAqara Hub m2Aqara Hub m3 firmwareAqara Hub m3Aqara Camera hub g3 firmwareAqara Camera hub g3
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/DNS-Command-Injection.md