aqara
Latest CVEs
The 15 most recently published vulnerabilities affecting aqara.
- CVE-2026-50091Aqara Home Android SDK hardcoded keys9.1
- CVE-2026-50090Aqara OAuth redirect_uri validation bypass9.3
- CVE-2026-50089Aqara IAM/SSO Gateway open redirect6.1
- CVE-2026-50088Aqara Developer Portal cross-origin resource sharing8.2
- CVE-2026-50087Aqara IAM/SSO Gateway cross-origin resource sharing8.2
- CVE-2026-50086Aqara unauthenticated AES oracle10.0
- CVE-2026-50085Aqara Board IoT insecure debug API8.6
- CVE-2026-50084Aqara API cross-account access9.6
- CVE-2026-50083Aqara hardcoded OAuth client credentials9.1
- CVE-2026-50082Aqara Developer Portal insecure authentication token6.5
- CVE-2025-65297Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disc...7.5
- CVE-2025-65290Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attac...7.4
- CVE-2025-65295Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware withou...8.1
- CVE-2025-65294Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.9.8
- CVE-2025-65292Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges...7.3