CNNVD-202512-1770 Information

CNNVD ID

CNNVD-202512-1770

Related CVE

CVE-2025-65295

• CNNVD Published: 2025-12-10

Description (Chinese)

Aqara Camera Hub G3等都是美国Aqara公司的一个智能监控摄像机。 Aqara多款产品存在安全漏洞，该漏洞源于固件更新过程中未验证签名，可能导致安装恶意固件。以下产品及版本受到影响：Aqara Camera Hub G3 4.1.9_0027版本、Hub M2 4.3.6_0027版本和Hub M3 4.3.6_0025版本。

Description (English)

Aqara Camera Hub G3 and others are smart surveillance cameras for Aqara in the United States. There is a safety gap in Aqara ’ s multiple products, which results from the lack of authentication of signatures during the solids update process, which may lead to the installation of malicious solids. The following products and versions were affected: Aqara Camera Hub G3 4.1.9 version 0027, Hub M2 4.3.6 version 0027 and Hub M3 4.3.6 version 0025.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Aqara

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/OTA-Firmware-Insecurity.md https://access.redhat.com/security/cve/cve-2025-65295