The vulnerability of the `get_aes_key_info_by_packetid()` function in Anker Eufy Homebase surveillance systems allows a intruder to bypass the authentication process.

🗓️ 26 May 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

The get_aes_key_info_by_packetid function in Anker Eufy Homebase enables remote authentication bypass due to limited random values.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-21955	9 Dec 202118:23	–	circl
CNNVD	Eufy Anker Eufy Homebase 授权问题漏洞	29 Nov 202100:00	–	cnnvd
CNVD	Eufy Anker Eufy Homebase 2 Authentication Bypass Vulnerability (CNVD-2022-00623)	1 Dec 202100:00	–	cnvd
CVE	CVE-2021-21955	9 Dec 202115:32	–	cve
Cvelist	CVE-2021-21955	9 Dec 202115:32	–	cvelist
EUVD	EUVD-2021-9126	3 Oct 202520:07	–	euvd
NVD	CVE-2021-21955	9 Dec 202116:15	–	nvd
Prion	Authentication flaw	9 Dec 202116:15	–	prion
Positive Technologies	PT-2021-7057 · Anker · Anker Eufy Homebase 2	29 Nov 202100:00	–	ptsecurity
RedhatCVE	CVE-2021-21955	22 May 202521:31	–	redhatcve

Vulners

Node

anker_technology eufy_homebase_2Match2.1.6.9h

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2021-1382
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021113006
web	www.web.nvd.nist.gov/view/vuln/detail
talosintelligence	www.talosintelligence.com/reports/TALOS-2021-1382

26 May 2022 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 27.3

CVSS 37.7

EPSS0.00978

remote authentication bypass limited random values anker eufy homebase get aes key info