CVE-2023-37822

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation...

CVE-2023-37822

The CVE-2023-37822 issue affects Eufy Homebase 2 prior to firmware 3.3.4.1h. The dedicated ecosystem Wi‑Fi network uses a WPA2-PSK that is generated solely from the device serial number, enabling offline brute force in seconds. An attacker in proximity to the dedicated network could access the en...

CVE-2022-21806

CVE-2022-21806 affects Anker Eufy Homebase 2 (2.1.8.5h). Talos-reported use-after-free in mips_collector's appsrv_server, reachable over the network, potentially enabling remote code execution via crafted MT messages. The issue’s impact is described as high/critical, with the server component exp...

CVE-2022-25989

An authentication bypass vulnerability exists in the libxmav.so getpeermac functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability...

Authentication flaw

An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...

CVE-2021-21951

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...

CVE-2021-21951

CVE-2021-21951 affects Anker Eufy Homebase 2 (binary home_security, 2.1.6.9h). A crafted CMD_DEVICE_GET_SERVER_LIST_REQUEST (and related read_udp_push_config_file handling) triggers an out-of-bounds write, via unvalidated nums/domainN fields, enabling a write-what-where that can lead to code exec...

Eufy Anker Eufy Homebase 2 Authentication Bypass Vulnerability

Anker Eufy Homebase is a wireless home security camera system from Eufy U.S. An authentication bypass vulnerability exists in Eufy Anker Eufy Homebase 2, which could be exploited by attackers to elevate privileges...

Eufy Anker Eufy Homebase 2 Authentication Bypass Vulnerability (CNVD-2022-00623)

Anker Eufy Homebase is a wireless home security camera system from Eufy U.S. An authentication bypass vulnerability exists in Anker Eufy Homebase 2 version 2.1.6.9h, which can be exploited by attackers to sniff network traffic leading to password recovery...

Anker Eufy Homebase 2 OS Command Injection Vulnerability

The Anker Eufy Homebase 2 is a wireless home security camera system from Eufy USA. The Anker Eufy Homebase 2 suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands via specially crafted network packets...

CVE-2021-21940

Summary (CVE-2021-21940) : The TALOS advisory documents a heap-based buffer overflow in the Anker Eufy Homebase 2 pushMuxer when processing RTSP info. A crafted RTSP packet (without a proper CRLFCRLF termination) can cause the server to overflow the 0x800-byte receive buffer across adjacent RtspS...