Camera Hub G3 Firmware CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-65290	1 Aqara	6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more	2025-12-17	7.4 High
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files.
CVE-2025-65292	1 Aqara	6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more	2025-12-17	7.3 High
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges through malicious domain names.
CVE-2025-65293	1 Aqara	2 Camera Hub G3, Camera Hub G3 Firmware	2025-12-17	6.6 Medium
Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.
CVE-2025-65294	1 Aqara	6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more	2025-12-17	9.8 Critical
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.
CVE-2025-65295	1 Aqara	6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more	2025-12-17	8.1 High
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.
CVE-2025-65296	1 Aqara	6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more	2025-12-17	6.5 Medium
NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.

Page 1 of 1.