CNNVD-202512-1775 Information

CNNVD ID

CNNVD-202512-1775

Related CVE

CVE-2025-65291

• CNNVD Published: 2025-12-10

Description (Chinese)

Aqara Camera Hub G3等都是美国Aqara公司的一个智能监控摄像机。 Aqara多款产品存在安全漏洞，该漏洞源于TLS连接中未验证服务器证书，可能导致中间人攻击。以下产品及版本受到影响：Aqara Hub M2 4.3.6_0027版本、Hub M3 4.3.6_0025版本和Camera Hub G3 4.1.9_0027版本。

Description (English)

Aqara Camera Hub G3 and others are smart surveillance cameras for Aqara in the United States. There is a security gap in the Aqara ’ s multiple products, which stems from the lack of certification of server certificates in the TLS connection, which could lead to attacks by intermediaries. The following products and versions were affected: Aqara Hub M2 4.3.6 version 0027, Hub M3 4.3.6 version 0025 and Camera Hub G3 4.1.9 version 0027.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Aqara

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/CoAP-Certificate-Validation-Bypass.md https://access.redhat.com/security/cve/cve-2025-65291