Description
NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/JSON-NULL-Dereference.md
Scores
CVSS v3
6.5
EPSS
0.0005
EPSS Percentile
13.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (3)
aqara/camera_hub_g3_firmware
4.1.9_0027
aqara/hub_m2_firmware
4.3.6_0027
aqara/hub_m3_firmware
4.3.6_0025
Published
Dec 10, 2025
Tracked Since
Feb 18, 2026