CVE-2026-50085

Aqara · Board service (op-test)

The Aqara Board service (op-test) allows unauthenticated remote attackers to send arbitrary MQTT command payloads to the HiveMQ broker.

Executive summary

An unauthenticated remote code execution vulnerability in the Aqara Board service allows attackers to hijack devices by sending arbitrary MQTT commands.

Vulnerability

The service does not authenticate MQTT command payloads before forwarding them to the platform's HiveMQ broker, so an unauthenticated attacker can take full control of affected devices.

Business impact

With a CVSS score of 8.6, this vulnerability poses a critical risk to IoT infrastructure. An attacker could remotely take over devices, potentially leading to unauthorized physical access or the creation of a massive botnet. The lack of authentication makes this an exceptionally dangerous flaw for any organization managing these devices at scale.

Remediation

Immediate Action: Apply the security updates provided by Aqara, or disable the affected service if it is not business-critical.

Proactive Monitoring: Monitor MQTT broker traffic for unauthorized or anomalous command payloads that do not originate from authenticated sources.

Compensating Controls: Place the device management network behind a robust firewall or VPN to restrict access to the MQTT broker to authorized personnel only.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability is highly critical because device control requires no authentication. Organizations must immediately secure their Aqara deployments and ensure all firmware is patched to the latest version to prevent unauthorized remote access.