Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-65295

Опубликовано: 10 дек. 2025
Источник: nvd
CVSS3: 8.1
EPSS Низкий

Описание

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:aqara:hub_m2_firmware:4.3.6_0027:*:*:*:*:*:*:*
cpe:2.3:h:aqara:hub_m2:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:aqara:hub_m3_firmware:4.3.6_0025:*:*:*:*:*:*:*
cpe:2.3:h:aqara:hub_m3:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:aqara:camera_hub_g3_firmware:4.1.9_0027:*:*:*:*:*:*:*
cpe:2.3:h:aqara:camera_hub_g3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 9%
0.00033
Низкий

8.1 High

CVSS3

Дефекты

CWE-326

Связанные уязвимости

github логотип

GHSA-f4fh-mr9x-pqgf

CVSS3: 8.1
github
около 2 месяцев назад

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

EPSS

Процентиль: 9%
0.00033
Низкий

8.1 High

CVSS3

Дефекты

CWE-326