Lucene search
+L

149 matches found

BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.7 views

The vulnerability of the “recv_server_device_response_msg_process” function in Anker Eufy Homebase surveillance systems allows a intruder to execute arbitrary code.

The vulnerability of the “recvserverdeviceresponsemsgprocess” function in Anker Eufy Homebase surveillance systems arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the target system...

10CVSS8.5AI score0.02405EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/12/09 4:15 p.m.5 views

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

9.9CVSS6AI score0.02433EPSS
Exploits1References1
OSV
OSV
added 2021/12/09 4:15 p.m.2 views

CVE-2021-21955

An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...

7.5CVSS5.8AI score0.00978EPSS
Exploits1References1
NVD
NVD
added 2021/12/09 4:15 p.m.25 views

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

9.9CVSS0.02433EPSS
Exploits1References1
NVD
NVD
added 2021/12/09 4:15 p.m.31 views

CVE-2021-21955

An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...

7.7CVSS0.00978EPSS
Exploits1References1
Prion
Prion
added 2021/12/09 4:15 p.m.23 views

Authentication flaw

An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...

5CVSS7.7AI score0.00978EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/09 3:32 p.m.30 views

CVE-2021-21955

An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...

7.7CVSS7.9AI score0.00978EPSS
Exploits1References1
CVE
CVE
added 2021/12/09 3:32 p.m.69 views

CVE-2021-21955

The CVE refers to Anker Eufy Homebase 2 (2.1.6.9h) in the home_security get_aes_key_info_by_packetid() authentication bypass. TALOS details show the weakness: the function combines the 0x10-byte randomly generated AES secret with the decimal time of the device into an output secret, then overwrit...

7.7CVSS7.7AI score0.00978EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/09 3:32 p.m.24 views

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

9.9CVSS9.9AI score0.02433EPSS
Exploits1References1
CVE
CVE
added 2021/12/09 3:32 p.m.54 views

CVE-2021-21954

CVE-2021-21954 affects Anker Eufy Homebase 2 (home_security binary) via wifi_country_code_update. The vulnerable code parses a JSON field country_code and injects it into the shell command (iwpriv ra0 set CountryCode=%s) without sanitization, leading to arbitrary command execution as root when th...

9.9CVSS9.6AI score0.02433EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/12/08 10:15 p.m.6 views

CVE-2021-21951

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...

10CVSS7.4AI score0.02405EPSS
Exploits1References1
NVD
NVD
added 2021/12/08 10:15 p.m.22 views

CVE-2021-21950

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function recvserverdeviceresponsemsgprocess. A specially-crafted network packet can lead to code execution...

10CVSS0.02405EPSS
Exploits1References1
NVD
NVD
added 2021/12/08 10:15 p.m.29 views

CVE-2021-21951

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...

10CVSS0.02405EPSS
Exploits1References1
OSV
OSV
added 2021/12/08 10:15 p.m.6 views

CVE-2021-21950

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function recvserverdeviceresponsemsgprocess. A specially-crafted network packet can lead to code execution...

10CVSS7.4AI score0.02405EPSS
Exploits1References1
Prion
Prion
added 2021/12/08 10:15 p.m.18 views

Cross site scripting

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function recvserverdeviceresponsemsgprocess. A specially-crafted network packet can lead to code execution...

10CVSS9.6AI score0.02405EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/12/08 10:15 p.m.22 views

Cross site scripting

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...

10CVSS9.6AI score0.02405EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/08 9:28 p.m.34 views

CVE-2021-21951

An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...

10CVSS9.9AI score0.02405EPSS
Exploits1References1
CVE
CVE
added 2021/12/08 9:28 p.m.62 views

CVE-2021-21951

CVE-2021-21951 affects Anker Eufy Homebase 2 (binary home_security, 2.1.6.9h). A crafted CMD_DEVICE_GET_SERVER_LIST_REQUEST (and related read_udp_push_config_file handling) triggers an out-of-bounds write, via unvalidated nums/domainN fields, enabling a write-what-where that can lead to code exec...

10CVSS9.6AI score0.02405EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2021/12/01 12:0 a.m.25 views

Anker Eufy Homebase 2 Buffer Overflow Vulnerability

Anker Eufy Homebase is a wireless home security camera system from Eufy U.S.A. A buffer overflow vulnerability exists in Anker Eufy Homebase 2 version 2.1.6.9h, which can be exploited by attackers to cause code execution...

10CVSS5.5AI score0.02405EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/01 12:0 a.m.43 views

Eufy Anker Eufy Homebase 2 out-of-bounds write vulnerability

Anker Eufy Homebase is a wireless home security camera system from Eufy U.S.A. An out-of-bounds write vulnerability exists in Anker Eufy Homebase version 2.1.6.9h, which can be exploited by attackers to cause code execution via specially crafted network packets...

10CVSS4.9AI score0.02405EPSS
Exploits1References1
Rows per page
Query Builder