8.1
CVE-2025-65295
- EPSS 0.03%
- Veröffentlicht 10.12.2025 00:00:00
- Zuletzt bearbeitet 17.12.2025 19:49:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Aqara ≫ Hub M2 Firmware Version4.3.6_0027
Aqara ≫ Hub M3 Firmware Version4.3.6_0025
Aqara ≫ Camera Hub G3 Firmware Version4.1.9_0027
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.097 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
CWE-457 Use of Uninitialized Variable
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.