PT-2025-50541 · Aqara · Hub M3+3
Chapoly1305 · Published 2025-12-10 · Updated 2025-12-14
CVE-2025-65292
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Aqara Hub devices versions 4.1.9 0027, 4.3.6 0027, and 4.3.6 0025
Description
A command injection issue exists in Aqara Hub devices, including Camera Hub G3, Hub M2, and Hub M3. This allows attackers to execute arbitrary commands with root privileges by using malicious domain names.
Recommendations
Aqara Hub version 4.1.9 0027 should be updated.
Aqara Hub version 4.3.6 0027 should be updated.
Aqara Hub version 4.3.6 0025 should be updated.
Exploit
Fix
Command Injection
Affected Products
Aqara Hub
Camera Hub G3
Hub M2
Hub M3