Aqara
Products
9- 8 CVEs
- 7 CVEs
- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-50086 | Cri | 0.65 | 10.0 | 0.00 | Jun 12, 2026 | The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic… | ||
| CVE-2026-50084 | Cri | 0.62 | 9.6 | 0.00 | Jun 12, 2026 | The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N (9.6 Critical).… | ||
| CVE-2026-50090 | Cri | 0.60 | 9.3 | 0.00 | Jun 12, 2026 | The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of… | ||
| CVE-2026-50091 | Cri | 0.59 | 9.1 | 0.00 | Jun 12, 2026 | Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of… | ||
| CVE-2026-50083 | Cri | 0.59 | 9.1 | 0.00 | Jun 12, 2026 | The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical). When combined with… | ||
| CVE-2026-50088 | Hig | 0.53 | 8.2 | 0.00 | Jun 12, 2026 | The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS… | ||
| CVE-2026-50087 | Hig | 0.53 | 8.2 | 0.00 | Jun 12, 2026 | The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High). | ||
| CVE-2026-50082 | Med | 0.42 | 6.5 | 0.00 | Jun 12, 2026 | The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N… | ||
| CVE-2026-50089 | Med | 0.40 | 6.1 | 0.00 | Jun 12, 2026 | The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack. | ||
| CVE-2025-65291 | 0.00 | — | 0.00 | Dec 10, 2025 | Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring. | |||
| CVE-2025-65295 | 0.00 | — | 0.00 | Dec 10, 2025 | Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during… | |||
| CVE-2025-65290 | 0.00 | — | 0.00 | Dec 10, 2025 | Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware… | |||
| CVE-2025-65297 | 0.00 | — | 0.00 | Dec 10, 2025 | Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer. | |||
| CVE-2025-65294 | 0.00 | — | 0.01 | Dec 10, 2025 | Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution. | |||
| CVE-2025-65296 | 0.00 | — | 0.00 | Dec 10, 2025 | NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs. | |||
| CVE-2025-65292 | 0.00 | — | 0.01 | Dec 10, 2025 | Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges through malicious domain names. | |||
| CVE-2025-65293 | 0.00 | — | 0.01 | Dec 10, 2025 | Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset. |
- risk 0.65cvss 10.0epss 0.00
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic…
- risk 0.62cvss 9.6epss 0.00
The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N (9.6 Critical).…
- risk 0.60cvss 9.3epss 0.00
The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of…
- risk 0.59cvss 9.1epss 0.00
Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of…
- risk 0.59cvss 9.1epss 0.00
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical). When combined with…
- risk 0.53cvss 8.2epss 0.00
The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS…
- risk 0.53cvss 8.2epss 0.00
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).
- risk 0.42cvss 6.5epss 0.00
The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N…
- risk 0.40cvss 6.1epss 0.00
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.
- CVE-2025-65291Dec 10, 2025risk 0.00cvss —epss 0.00
Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.
- CVE-2025-65295Dec 10, 2025risk 0.00cvss —epss 0.00
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during…
- CVE-2025-65290Dec 10, 2025risk 0.00cvss —epss 0.00
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware…
- CVE-2025-65297Dec 10, 2025risk 0.00cvss —epss 0.00
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.
- CVE-2025-65294Dec 10, 2025risk 0.00cvss —epss 0.01
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.
- CVE-2025-65296Dec 10, 2025risk 0.00cvss —epss 0.00
NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.
- CVE-2025-65292Dec 10, 2025risk 0.00cvss —epss 0.01
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges through malicious domain names.
- CVE-2025-65293Dec 10, 2025risk 0.00cvss —epss 0.01
Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.