📦 Hub M3 Firmware

Aqara Hub devices contain an undocumented remote access mechanism that allows attackers to execute arbitrary commands without authentication. This vulnerability affects Aqara Camera Hub G3, Hub M2, an...

This CVE describes vulnerabilities in Aqara Hub firmware update processes that allow attackers to install malicious firmware without proper signature validation. Attackers can exploit outdated cryptog...

Aqara Hub devices automatically collect and upload unencrypted sensitive information without user consent or manufacturer disclosure. This vulnerability allows unauthorized data exfiltration affecting...

Aqara Hub devices fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept update traffic and serve malicious firmware. This affects Came...

Aqara Hub devices fail to validate TLS server certificates during discovery and CoAP communications, allowing man-in-the-middle attackers to intercept and manipulate device control and monitoring traf...

A command injection vulnerability in Aqara Hub devices allows attackers to execute arbitrary commands with root privileges by exploiting malicious domain names. This affects Aqara Camera Hub G3, Hub M...

A NULL-pointer dereference vulnerability in Aqara smart home hubs allows attackers to cause denial-of-service by sending malformed JSON inputs. This affects Aqara Hub M2, Hub M3, and Camera Hub G3 dev...