ГлавнаяУязвимости → CVE-2025-65295
8.1высокая

CVE-2025-65295

Описание

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

Затрагиваемое ПО
Aqara Hub m2 firmwareAqara Hub m2Aqara Hub m3 firmwareAqara Hub m3Aqara Camera hub g3 firmwareAqara Camera hub g3
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/OTA-Firmware-Insecurity.md