
CVE-2025-65293: n/a

Medium
Vulnerability · CVE-2025-65293 · cve · cve-2025-65293
Published: Wed Dec 10 2025 (12/10/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.

AI-Powered Analysis

Last updated: 12/17/2025, 23:14:37 UTC

Technical Analysis

CVE-2025-65293 identifies a command injection vulnerability in the Aqara Camera Hub G3 device running firmware version 4.1.9_0027. The vulnerability arises from improper input sanitization of QR codes scanned during device setup and factory reset processes. An attacker can craft a malicious QR code that, when scanned by the device, injects arbitrary shell commands executed with root privileges. This allows full control over the device, enabling attackers to compromise device confidentiality, integrity, and availability. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that the device fails to properly sanitize or validate input before passing it to system commands. Exploitation requires physical access or user interaction to scan the malicious QR code, which limits remote exploitation but still presents a significant risk in environments where attackers can trick users or gain physical proximity. The CVSS v3.1 score of 6.6 (medium severity) reflects the vulnerability's impact and exploitability: it requires user interaction (UI:R), no privileges (PR:N), and a physical attack vector (AV:P). No patches or known exploits are currently reported, but the potential for root-level compromise makes this a critical issue for IoT security. The vulnerability could be leveraged to pivot attacks into connected networks or exfiltrate sensitive data. Organizations deploying Aqara Camera Hub G3 devices should monitor for firmware updates and implement compensating controls to mitigate risk.
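The CWE-77 bug class described above, as an added example that is not from this page or from Aqara's firmware: the page does not disclose the vulnerable code path, so the `ssid` field, the helper path `/usr/bin/wifi_setup` and every function name here are assumptions. It contrasts the shell-spliced pattern with passing a scanned value as a single argument to a helper without involving a shell.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SETUP_HELPER "/usr/bin/wifi_setup" /* hypothetical path, not from the page */
#define SSID_MAX 32                        /* 802.11 SSID length limit */

/* BEFORE (CWE-77 pattern): the scanned value is spliced into a shell command
 * line, so the shell interprets ; | & ` $( ) and newlines inside it:
 *     snprintf(cmd, sizeof cmd, SETUP_HELPER " --ssid %s", ssid); system(cmd);
 */

/* Accept a field only if it is non-empty, bounded and free of control bytes. */
int qr_field_ok(const char *s, size_t max_len)
{
    size_t n = strlen(s);
    if (n == 0 || n > max_len) return 0;
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)s[i] < 0x20 || s[i] == 0x7f) return 0;
    return 1;
}

/* Build "--ssid=<value>" as ONE argv element, so a value starting with '-'
 * cannot become a separate option. Returns 0 on success, -1 on rejection. */
int build_ssid_arg(const char *ssid, char *out, size_t out_len)
{
    if (!qr_field_ok(ssid, SSID_MAX)) return -1;
    int n = snprintf(out, out_len, "--ssid=%s", ssid);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

/* AFTER: no shell. execv() hands the bytes to the helper as plain data. */
int run_setup(const char *ssid)
{
    char arg[SSID_MAX + 16];
    int status;
    if (build_ssid_arg(ssid, arg, sizeof arg) != 0) return -1;
    char *const argv[] = { (char *)SETUP_HELPER, arg, NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv(SETUP_HELPER, argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return run_setup("bad\nvalue") == -1 ? 0 : 1; /* constructed input, rejected */
}
```

The validation is deliberately not a blacklist of shell metacharacters: once no shell parses the value, those characters are ordinary data, and the remaining checks only bound length and reject control bytes.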

Potential Impact

For European organizations, this vulnerability poses a significant risk to the security of IoT environments, particularly in smart homes, offices, and industrial settings where Aqara Camera Hub G3 devices are deployed. Successful exploitation could lead to full device compromise, allowing attackers to execute arbitrary commands with root privileges, potentially leading to data theft, surveillance, or disruption of services. The device's integration into broader networked environments means attackers could pivot from the compromised hub to other internal systems, escalating the impact. Confidentiality is at high risk due to potential data exfiltration, integrity is compromised by unauthorized command execution, and availability could be disrupted by malicious commands. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments with less controlled physical access. The lack of available patches increases exposure time, and organizations relying on these devices for security or monitoring should consider the vulnerability critical to address. The impact is heightened in sectors with sensitive data or critical infrastructure, such as finance, healthcare, and government facilities.

Mitigation Recommendations

1. Restrict physical access to Aqara Camera Hub G3 devices to trusted personnel only, minimizing the risk of malicious QR code scanning.
2. Educate users and administrators about the risks of scanning unknown or untrusted QR codes during device setup or factory reset.
3. Monitor vendor communications closely for firmware updates addressing this vulnerability and apply patches promptly once released.
4. Implement network segmentation to isolate IoT devices like the Aqara Camera Hub G3 from critical network assets, limiting lateral movement if compromised.
5. Employ device-level monitoring and anomaly detection to identify unusual command executions or behavior indicative of exploitation.
6. If possible, disable or restrict the QR code scanning feature during setup or reset processes until a patch is available.
7. Conduct regular security audits of IoT devices and their configurations to ensure adherence to best practices and detect potential vulnerabilities.
8. Consider alternative devices with stronger security postures if immediate mitigation is not feasible.

These steps go beyond generic advice by focusing on physical security, user awareness, network architecture, and proactive monitoring tailored to the specific attack vector.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6939e8d65ab76fdc5f28af14

Added to database: 12/10/2025, 9:40:38 PM

Last enriched: 12/17/2025, 11:14:37 PM

Last updated: 2/7/2026, 8:42:28 AM
