Hub M3 Firmware

hub_m3_firmware

Vendor: Aqara • 7 CVEs

CVEs (7)

CVE • VENDORS • PRODUCTS • UPDATED • PUBLISHED • CVSS

Vendors (1): Aqara
Products (3): Camera Hub G3 Firmware, Hub M2 Firmware, Hub M3 Firmware
Updated: Jun 17, 2026
Published: Dec 10, 2025
CVSS: N/A · v4, 7.5 HIGH · v3, N/A · v2
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.

Vendors (1): Aqara
Products (3): Camera Hub G3 Firmware, Hub M2 Firmware, Hub M3 Firmware
Updated: Jun 17, 2026
Published: Dec 10, 2025
CVSS: N/A · v4, 6.5 MEDIUM · v3, N/A · v2
NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.

Vendors (1): Aqara
Products (3): Camera Hub G3 Firmware, Hub M2 Firmware, Hub M3 Firmware
Updated: Jun 17, 2026
Published: Dec 10, 2025
CVSS: N/A · v4, 8.1 HIGH · v3, N/A · v2
Multiple vulnerabilities in the Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

Vendors (1): Aqara
Products (3): Camera Hub G3 Firmware, Hub M2 Firmware, Hub M3 Firmware
Updated: Jun 17, 2026
Published: Dec 10, 2025
CVSS: N/A · v4, 9.8 CRITICAL · v3, N/A · v2
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.

Vendors (1): Aqara
Products (3): Camera Hub G3 Firmware, Hub M2 Firmware, Hub M3 Firmware
Updated: Jun 17, 2026
Published: Dec 10, 2025
CVSS: N/A · v4, 7.3 HIGH · v3, N/A · v2
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges through malicious domain names.

Vendors (1): Aqara
Products (3): Camera Hub G3 Firmware, Hub M2 Firmware, Hub M3 Firmware
Updated: Jun 17, 2026
Published: Dec 10, 2025
CVSS: N/A · v4, 7.4 HIGH · v3, N/A · v2
Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.

Vendors (1): Aqara
Products (3): Camera Hub G3 Firmware, Hub M2 Firmware, Hub M3 Firmware
Updated: Jun 17, 2026
Published: Dec 10, 2025
CVSS: N/A · v4, 7.4 HIGH · v3, N/A · v2
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files.