CVE-2026-50091
CriticalCVSS 9.1Summary
Aqara Home on Android version 6.0.0 and white-label clients using the same liblumidevsdk.so library use hard-coded cryptographic keys. This is an instance of CWE-321: Use of Hard-coded Cryptographic Key.
Risk Assessment
The use of hard-coded cryptographic keys increases the risk of unauthorized access to data, potentially leading to serious security breaches within the organization.
Recommendation
It is recommended to avoid using hard-coded cryptographic keys and to implement mechanisms for generating keys in real-time and securely storing them.
Original NVD description (English source)
Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical).

