VYPR

Eufy Homebase 2

by Anker

CVEs (11)

  • CVE-2021-21954CriDec 9, 2021
    risk 0.65cvss 9.9epss 0.02

    A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.

  • CVE-2021-21951CriDec 8, 2021
    risk 0.65cvss 10.0epss 0.02

    An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.

  • CVE-2021-21950CriDec 8, 2021
    risk 0.65cvss 10.0epss 0.02

    An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution.

  • CVE-2021-21940CriOct 12, 2021
    risk 0.65cvss 10.0epss 0.01

    A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2022-21806CriJun 17, 2022
    risk 0.64cvss 9.8epss 0.02

    A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

  • CVE-2021-21952CriDec 22, 2021
    risk 0.64cvss 9.8epss 0.01

    An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.

  • CVE-2021-21941CriOct 12, 2021
    risk 0.59cvss 9.0epss 0.02

    A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

  • CVE-2022-25989HigMay 5, 2022
    risk 0.57cvss 8.8epss 0.01

    An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability.

  • CVE-2021-21953HigDec 22, 2021
    risk 0.53cvss 8.1epss 0.01

    An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges.

  • CVE-2021-21955HigDec 9, 2021
    risk 0.49cvss 7.5epss 0.01

    An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.

  • CVE-2022-26073MedMay 5, 2022
    risk 0.42cvss 6.5epss 0.01

    A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability.