Skip to main content

Com Lumiunited Aqarahome

1 CVEs product

Monthly

CVE-2026-50091 HIGH PATCH This Week

Hard-coded cryptographic keys in the Aqara Home Android app (com.lumiunited.aqarahome) 6.0.0 and white-label clients embedding the same liblumidevsdk.so let attackers who extract the static keys from the shipped binary decrypt protected data and forge or tamper with device/cloud communications. Because every install ships the identical embedded keys, a single extraction compromises confidentiality and integrity across the entire installed base. Reported by runZero (CVE-2026-50091 / EUVD-2026-36481); publicly available exploit code exists (GitHub PoC 'theres-no-place-like-home'), but it is not on CISA KEV and EPSS is very low at 0.03%.

Google Information Disclosure Com Lumiunited Aqarahome
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Hard-coded cryptographic keys in the Aqara Home Android app (com.lumiunited.aqarahome) 6.0.0 and white-label clients embedding the same liblumidevsdk.so let attackers who extract the static keys from the shipped binary decrypt protected data and forge or tamper with device/cloud communications. Because every install ships the identical embedded keys, a single extraction compromises confidentiality and integrity across the entire installed base. Reported by runZero (CVE-2026-50091 / EUVD-2026-36481); publicly available exploit code exists (GitHub PoC 'theres-no-place-like-home'), but it is not on CISA KEV and EPSS is very low at 0.03%.

Google Information Disclosure Com Lumiunited Aqarahome
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy