CNNVD-202512-1774 Information

CNNVD ID

CNNVD-202512-1774

Related CVE

CVE-2025-65292

• CNNVD Published: 2025-12-10

Description (Chinese)

Aqara Camera Hub G3等都是美国Aqara公司的一个智能监控摄像机。 Aqara多款产品存在安全漏洞，该漏洞源于恶意域名导致命令注入，可能导致执行任意命令。以下产品及版本受到影响：Aqara Camera Hub G3 4.1.9_0027版本、Hub M2 4.3.6_0027版本和Hub M3 4.3.6_0025版本。

Description (English)

Aqara Camera Hub G3 and others are smart surveillance cameras for Aqara in the United States. There is a safety gap in many Aqara products, which stems from a malicious domain name that leads to the injection of orders and may lead to the execution of arbitrary orders. The following products and versions were affected: Aqara Camera Hub G3 4.1.9 version 0027, Hub M2 4.3.6 version 0027 and Hub M3 4.3.6 version 0025.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Aqara

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/DNS-Command-Injection.md https://access.redhat.com/security/cve/cve-2025-65292