Chapoly1305

**Name of the Vulnerable Software and Affected Versions** Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Aqara Camera Hub G3 version 4.1.9 0027 **Description** The software contains NULL-pointer dereference issues in the JSON processing component. These issues can be exploited by providing malformed JSON inputs, leading to denial-of-service attacks. **Recommendations** Aqara Hub M2 version 4.3.6 0027: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Aqara Hub M3 version 4.3.6 0025: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Aqara Camera Hub G3 version 4.1.9 0027: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aqara Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 **Description** Aqara Hub devices do not properly validate server certificates when downloading firmware updates over HTTPS. This allows attackers positioned between the device and the update server to intercept the communication and potentially replace legitimate firmware with malicious versions. **Recommendations** Update Aqara Camera Hub G3 to a version newer than 4.1.9 0027. Update Aqara Hub M2 to a version newer than 4.3.6 0027. Update Aqara Hub M3 to a version newer than 4.3.6 0025.

**Name of the Vulnerable Software and Affected Versions** Aqara Hub devices versions 4.1.9 0027, 4.3.6 0027, and 4.3.6 0025 **Description** A command injection issue exists in Aqara Hub devices, including Camera Hub G3, Hub M2, and Hub M3. This allows attackers to execute arbitrary commands with root privileges by using malicious domain names. **Recommendations** Aqara Hub version 4.1.9 0027 should be updated. Aqara Hub version 4.3.6 0027 should be updated. Aqara Hub version 4.3.6 0025 should be updated.

**Name of the Vulnerable Software and Affected Versions** Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 **Description** Aqara Hub devices have an undocumented remote access mechanism that allows unrestricted remote command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Tapo P125M and Kasa KP125M version 1.0.3 **Description** The issue allows attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack due to improper validation of certificates. **Recommendations** For TP-Link Tapo P125M and Kasa KP125M version 1.0.3, update the firmware to a version that properly validates certificates to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** TP-Link Kasa KP125M version 1.0.3 **Description** An issue in the TP-Link MQTT Broker and API gateway allows attackers to establish connections by impersonating devices owned by other users. This impersonation can lead to unauthorized access. **Recommendations** For TP-Link Kasa KP125M version 1.0.3, consider restricting access to the MQTT Broker and API gateway until a patch is available. As a temporary workaround, disabling the device impersonation feature can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Nordic Semiconductor nRF Sniffer for Bluetooth LE versions 3.0.0 through 4.1.1 **Description** The issue is related to incorrect file permissions set for certain scripts in the Nordic Semiconductor nRF Sniffer for Bluetooth LE. This allows attackers to execute code via modified bash and python scripts, specifically targeting `extcap/nrf sniffer ble.py`, `extcap/nrf sniffer ble.sh`, and `extcap/SnifferAPI/*.py`. **Recommendations** For versions 3.0.0 through 4.1.1, consider restricting access to the vulnerable scripts `extcap/nrf sniffer ble.py`, `extcap/nrf sniffer ble.sh`, and files within `extcap/SnifferAPI/` to prevent code execution by attackers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link Kasa KP125M version 1.0.0 Tapo P125M version 1.0.0 Build 220930 Rel.143947 **Description** An Information Disclosure issue in the Telemetry component allows attackers to observe device state via observing network traffic. **Recommendations** For TP-Link Kasa KP125M version 1.0.0, consider restricting network access to minimize the risk of exploitation. For Tapo P125M version 1.0.0 Build 220930 Rel.143947, consider restricting network access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.