Aqara Camera Hub G3 Command Injection Vulnerability Allowing Root Privilege Escalation
Vulnerability
A command injection vulnerability has been identified in the Aqara Camera Hub G3 running firmware 4.1.9_0027. This vulnerability allows attackers to execute arbitrary commands with root privileges by using malicious QR codes during the device setup process or a factory reset. The issue arises from improper input sanitization when QR code data is processed, enabling exploitation through crafted QR codes.
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution with root privileges on the affected device.
Reproduction
The vulnerability can be reproduced by creating a QR code that includes newline or carriage return characters, which are not properly filtered by the device. This crafted QR code can then be scanned during the setup process or after a factory reset, leading to the execution of arbitrary commands with root privileges.
Remediation
Users should update to the latest firmware version, released on October 20, 2025, which addresses this vulnerability.
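A defensive validator of the kind the fix implies, added here as an illustration rather than the vendor's code; the key=value QR layout, the field names and the `wifi-configure` tool are assumptions, since the page does not describe the real payload format:

```python
import re
from typing import Dict, List

# Constructed, hypothetical QR payload layout: "key=value" pairs joined by '&'.
ALLOWED_KEYS = {"ssid", "psk", "token"}
# Allow-list for every value: a narrow set of printable ASCII. Newline and
# carriage return (the characters named in the advisory) are excluded along
# with all other control characters and shell metacharacters.
VALUE_RE = re.compile(r"^[A-Za-z0-9 ._:@+\-]{1,64}$")


class InvalidQrPayload(ValueError):
    pass


def parse_qr_payload(raw: str) -> Dict[str, str]:
    """Parse and strictly validate a QR payload; raise on anything unexpected."""
    # Reject control characters before any field parsing, so a CR/LF can never
    # become a second line handed to a shell or a config file.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        raise InvalidQrPayload("control character in QR payload")
    fields: Dict[str, str] = {}
    for part in raw.split("&"):
        key, sep, value = part.partition("=")
        if not sep or key not in ALLOWED_KEYS:
            raise InvalidQrPayload(f"unexpected field {key!r}")
        if not VALUE_RE.fullmatch(value):
            raise InvalidQrPayload(f"illegal characters in field {key!r}")
        fields[key] = value
    if set(fields) != ALLOWED_KEYS:
        raise InvalidQrPayload("missing field")
    return fields


def is_valid_qr_payload(raw: str) -> bool:
    """Convenience wrapper: True only if the payload passes every check."""
    try:
        parse_qr_payload(raw)
        return True
    except InvalidQrPayload:
        return False


def build_wifi_command(fields: Dict[str, str]) -> List[str]:
    """Return an argv list for a hypothetical 'wifi-configure' helper.

    Even validated values are passed as separate argv entries and run with
    subprocess.run(argv) (shell=False), so no shell ever parses them.
    """
    return ["wifi-configure", "--ssid", fields["ssid"], "--psk", fields["psk"]]
```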
