149 matches found
The vulnerability of the “recv_server_device_response_msg_process” function in Anker Eufy Homebase surveillance systems allows a intruder to execute arbitrary code.
The vulnerability of the “recvserverdeviceresponsemsgprocess” function in Anker Eufy Homebase surveillance systems arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the target system...
CVE-2021-21954
A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...
CVE-2021-21955
An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2021-21954
A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...
CVE-2021-21955
An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...
Authentication flaw
An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2021-21955
An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2021-21955
The CVE refers to Anker Eufy Homebase 2 (2.1.6.9h) in the home_security get_aes_key_info_by_packetid() authentication bypass. TALOS details show the weakness: the function combines the 0x10-byte randomly generated AES secret with the decimal time of the device into an output secret, then overwrit...
CVE-2021-21954
A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...
CVE-2021-21954
CVE-2021-21954 affects Anker Eufy Homebase 2 (home_security binary) via wifi_country_code_update. The vulnerable code parses a JSON field country_code and injects it into the shell command (iwpriv ra0 set CountryCode=%s) without sanitization, leading to arbitrary command execution as root when th...
CVE-2021-21951
An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...
CVE-2021-21950
An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function recvserverdeviceresponsemsgprocess. A specially-crafted network packet can lead to code execution...
CVE-2021-21951
An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...
CVE-2021-21950
An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function recvserverdeviceresponsemsgprocess. A specially-crafted network packet can lead to code execution...
Cross site scripting
An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function recvserverdeviceresponsemsgprocess. A specially-crafted network packet can lead to code execution...
Cross site scripting
An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...
CVE-2021-21951
An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h in function readudppushconfigfile. A specially-crafted network packet can lead to code execution...
CVE-2021-21951
CVE-2021-21951 affects Anker Eufy Homebase 2 (binary home_security, 2.1.6.9h). A crafted CMD_DEVICE_GET_SERVER_LIST_REQUEST (and related read_udp_push_config_file handling) triggers an out-of-bounds write, via unvalidated nums/domainN fields, enabling a write-what-where that can lead to code exec...
Anker Eufy Homebase 2 Buffer Overflow Vulnerability
Anker Eufy Homebase is a wireless home security camera system from Eufy U.S.A. A buffer overflow vulnerability exists in Anker Eufy Homebase 2 version 2.1.6.9h, which can be exploited by attackers to cause code execution...
Eufy Anker Eufy Homebase 2 out-of-bounds write vulnerability
Anker Eufy Homebase is a wireless home security camera system from Eufy U.S.A. An out-of-bounds write vulnerability exists in Anker Eufy Homebase version 2.1.6.9h, which can be exploited by attackers to cause code execution via specially crafted network packets...