Lannan Lisa Luo - Security Researcher - Exploit Intelligence Platform

CVE-2025-65293 WRITEUP MEDIUM WRITEUP

Aqara Camera Hub G3 4.1.9_0027 - OS Command Injection via Malicious QR Code

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.

CVSS 6.6

View Code

CVE-2025-65294 WRITEUP CRITICAL WRITEUP

Aqara Hub M2/M3/Camera Hub G3 - Unauthenticated Remote Code Execution via Undocumented Remote Access Mechanism

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.

CVSS 9.8

View Code

CVE-2025-65296 WRITEUP MEDIUM WRITEUP

Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 - Denial of Service via JSON Processing

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.

CVSS 6.5

View Code

CVE-2025-65297 WRITEUP HIGH WRITEUP

Aqara Hub <4.1.9_0027-4.3.6_0025 - Info Disclosure

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.

CVSS 7.5

View Code