Lucene search
+L

201 matches found

CVE
CVE
added 2022/05/05 5:35 p.m.115 views

CVE-2022-25989

Anker Eufy Homebase 2 (version 2.1.8.5h) contains an authentication bypass in the libxm_av.so getpeermac() function. A specially crafted DHCP packet can trigger DHCP poisoning to bypass authentication, enabling access to internal ports if the attacker can poison the network. TALOS reports the vul...

8.8CVSS8.8AI score0.00989EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/05 5:35 p.m.7 views

CVE-2022-25989

An authentication bypass vulnerability exists in the libxmav.so getpeermac functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability...

7.1CVSS9AI score0.00989EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/05/05 5:35 p.m.37 views

CVE-2022-25989

An authentication bypass vulnerability exists in the libxmav.so getpeermac functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability...

7.1CVSS9AI score0.00989EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/05/05 12:0 a.m.8 views

PT-2022-17624 · Anker · Anker Eufy Homebase 2

Name of the Vulnerable Software and Affected Versions: Anker Eufy Homebase 2 version 2.1.8.5h Description: An authentication bypass issue exists in the libxm av.so getpeermac functionality. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can trigger this issue by DH...

8.8CVSS7AI score0.00989EPSS
Exploits1References4
Talos
Talos
added 2022/05/05 12:0 a.m.47 views

Anker Eufy Homebase 2 libxm_av.so DemuxCmdInBuffer buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1480 Anker Eufy Homebase 2 libxmav.so DemuxCmdInBuffer buffer overflow vulnerability May 5, 2022 CVE Number CVE-2022-26073 SUMMARY A denial of service vulnerability exists in the libxmav.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A...

7.4CVSS7.1AI score0.0071EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/05/05 12:0 a.m.8 views

PT-2022-17653 · Anker · Anker Eufy Homebase 2

Name of the Vulnerable Software and Affected Versions: Anker Eufy Homebase 2 version 2.1.8.5h Description: A denial of service issue exists in the libxm av.so DemuxCmdInBuffer functionality. This can be triggered by a specially-crafted set of network packets, leading to a device reboot. An attack...

7.4CVSS6.6AI score0.0071EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/01/04 12:0 a.m.10 views

The vulnerability of the “read_udp_push_config_file” function in Anker Eufy Homebase surveillance software allows a intruder to execute arbitrary code.

The vulnerability of the “readudppushconfigfile” function in Anker Eufy Homebase surveillance systems arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS8.3AI score0.02405EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/12/22 7:15 p.m.42 views

CVE-2021-21953

An authentication bypass vulnerability exists in the processmsg function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges...

8.1CVSS0.00978EPSS
Exploits1References1
NVD
NVD
added 2021/12/22 7:15 p.m.35 views

CVE-2021-21952

An authentication bypass vulnerability exists in the CMDDEVICEGETRSAKEYREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges...

9.8CVSS0.01271EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:7 p.m.60 views

CVE-2021-21953

The connected TALOS advisory confirms CVE-2021-21953 affects Anker Eufy Homebase 2, version 2.1.6.9h, where the home_security binary’s process_msg() enables an authentication bypass. The attack is MITM-capable over UDP, and the vulnerability arises because protocol traffic can be tampered to issu...

8.1CVSS8.1AI score0.00978EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:7 p.m.46 views

CVE-2021-21953

An authentication bypass vulnerability exists in the processmsg function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges...

7.7CVSS8.4AI score0.00978EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/12/22 6:7 p.m.44 views

CVE-2021-21952

An authentication bypass vulnerability exists in the CMDDEVICEGETRSAKEYREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges...

9.4CVSS9.8AI score0.01271EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:7 p.m.68 views

CVE-2021-21952

The connected TALOS advisory confirms CVE-2021-21952 affects Anker Eufy Homebase 2, binary home_security, via an authentication bypass in CMD_DEVICE_GET_RSA_KEY_REQUEST. The exploit chain begins with an unauthenticated CMD_DEVICE_GET_RSA_KEY_REQUEST that triggers a flawed RSA/AES key exchange: th...

9.8CVSS9.5AI score0.01271EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.8 views

The vulnerability of the “recv_server_device_response_msg_process” function in Anker Eufy Homebase surveillance systems allows a intruder to execute arbitrary code.

The vulnerability of the “recvserverdeviceresponsemsgprocess” function in Anker Eufy Homebase surveillance systems arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the target system...

10CVSS8.5AI score0.02405EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.5 views

The vulnerability of the wifi_country_code_update function in the microprogramming software for surveillance systems from Anker Eufy Homebase allows a intruder to execute arbitrary commands on the operating system.

The vulnerability of the wifiCountryCodeUpdate function in Anker Eufy Homebase software exists because measures are not taken to neutralize the special commands used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands by...

8.8CVSS8.1AI score0.02433EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/12/09 4:15 p.m.25 views

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

9.9CVSS0.02433EPSS
Exploits1References1
NVD
NVD
added 2021/12/09 4:15 p.m.31 views

CVE-2021-21955

An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...

7.7CVSS0.00978EPSS
Exploits1References1
OSV
OSV
added 2021/12/09 4:15 p.m.5 views

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

9.9CVSS6AI score0.02433EPSS
Exploits1References1
Prion
Prion
added 2021/12/09 4:15 p.m.25 views

Authentication flaw

An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...

5CVSS7.7AI score0.00978EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/09 3:32 p.m.69 views

CVE-2021-21955

The CVE refers to Anker Eufy Homebase 2 (2.1.6.9h) in the home_security get_aes_key_info_by_packetid() authentication bypass. TALOS details show the weakness: the function combines the 0x10-byte randomly generated AES secret with the decimal time of the device into an output secret, then overwrit...

7.7CVSS7.7AI score0.00978EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder