PT-2025-50547 · Aqara · Aqara Hub M2+2
Chapoly1305
·
Published
2025-12-10
·
Updated
2025-12-14
·
CVE-2025-65296
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Aqara Hub M2 version 4.3.6 0027
Aqara Hub M3 version 4.3.6 0025
Aqara Camera Hub G3 version 4.1.9 0027
Description
The software contains NULL-pointer dereference issues in the JSON processing component. These issues can be exploited by providing malformed JSON inputs, leading to denial-of-service attacks.
Recommendations
Aqara Hub M2 version 4.3.6 0027: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Aqara Hub M3 version 4.3.6 0025: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Aqara Camera Hub G3 version 4.1.9 0027: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aqara Camera Hub G3
Aqara Hub M2
Aqara Hub M3