ГлавнаяУязвимости → CVE-2025-65294
9.8критическая

CVE-2025-65294

Описание

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.

Затрагиваемое ПО
Aqara Hub m2 firmwareAqara Hub m2Aqara Hub m3 firmwareAqara Hub m3Aqara Camera hub g3 firmwareAqara Camera hub g3
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/QR-Command-Injection.mdhttps://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/Undocumented-Remote-Execution.md