PT-2025-50542 · Aqara · Aqara Camera Hub G3
Junming Chen
+4
·
Published
2025-12-10
·
Updated
2025-12-14
·
CVE-2025-65293
CVSS v3.1
6.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Aqara Camera Hub G3 version 4.1.9 0027
Description
The Aqara Camera Hub G3 contains command injection flaws. Successful exploitation allows attackers to execute arbitrary commands with root privileges. This is achieved by providing malicious QR codes during device setup and factory reset processes.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
RCE
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aqara Camera Hub G3