CNNVD-202512-1777 Information

CNNVD ID

CNNVD-202512-1777

Related CVE

CVE-2025-65290

• CNNVD Published: 2025-12-10

Description (Chinese)

Aqara Camera Hub G3是美国Aqara公司的一个智能监控摄像机。 Aqara Camera Hub G3 4.1.9_0027版本、Hub M2 4.3.6_0027版本和Hub M3 4.3.6_0025版本存在安全漏洞，该漏洞源于HTTPS固件下载期间未验证服务器证书，可能导致中间人攻击。

Description (English)

Aqara Camera Hub G3 is a smart surveillance camera for Aqara in the United States. There is a security loophole in Aqara Camera Hub G3 4.1.9 0027, Hub M2 4.3.6 0027 and Hub M3 4.3.6 0025, which stems from the failure to validate server certificates during the download of HTTPS solids and may result in an attack by an intermediary.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Aqara

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/OTA-Certificate-Validation-Bypass.md https://access.redhat.com/security/cve/cve-2025-65290