VYPR
Vendor

Aqara

Products
9
CVEs
17
Across products
24
Status
Private

Products

9

Recent CVEs

17
  • CVE-2026-50086CriJun 12, 2026
    risk 0.65cvss 10.0epss 0.00

    The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic…

  • CVE-2026-50084CriJun 12, 2026
    risk 0.62cvss 9.6epss 0.00

    The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N (9.6 Critical).…

  • CVE-2026-50090CriJun 12, 2026
    risk 0.60cvss 9.3epss 0.00

    The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of…

  • CVE-2026-50091CriJun 12, 2026
    risk 0.59cvss 9.1epss 0.00

    Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of…

  • CVE-2026-50083CriJun 12, 2026
    risk 0.59cvss 9.1epss 0.00

    The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical). When combined with…

  • CVE-2026-50088HigJun 12, 2026
    risk 0.53cvss 8.2epss 0.00

    The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS…

  • CVE-2026-50087HigJun 12, 2026
    risk 0.53cvss 8.2epss 0.00

    The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).

  • CVE-2026-50082MedJun 12, 2026
    risk 0.42cvss 6.5epss 0.00

    The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N…

  • CVE-2026-50089MedJun 12, 2026
    risk 0.40cvss 6.1epss 0.00

    The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

  • CVE-2025-65291Dec 10, 2025
    risk 0.00cvss epss 0.00

    Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.

  • CVE-2025-65295Dec 10, 2025
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during…

  • CVE-2025-65290Dec 10, 2025
    risk 0.00cvss epss 0.00

    Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware…

  • CVE-2025-65297Dec 10, 2025
    risk 0.00cvss epss 0.00

    Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.

  • CVE-2025-65294Dec 10, 2025
    risk 0.00cvss epss 0.01

    Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.

  • CVE-2025-65296Dec 10, 2025
    risk 0.00cvss epss 0.00

    NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.

  • CVE-2025-65292Dec 10, 2025
    risk 0.00cvss epss 0.01

    Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges through malicious domain names.

  • CVE-2025-65293Dec 10, 2025
    risk 0.00cvss epss 0.01

    Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.