PT-2025-50543 · Aqara · Aqara Hub M3+2
Chapoly1305
·
Published
2025-12-10
·
Updated
2025-12-14
·
CVE-2025-65294
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Aqara Hub Camera Hub G3 version 4.1.9 0027
Aqara Hub M2 version 4.3.6 0027
Aqara Hub M3 version 4.3.6 0025
Description
Aqara Hub devices have an undocumented remote access mechanism that allows unrestricted remote command execution.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aqara Camera Hub G3
Aqara Hub M2
Aqara Hub M3