Total
12 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25989 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-10-27 | 5.8 MEDIUM | 8.8 HIGH |
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability. | |||||
CVE-2022-26073 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-10-27 | 6.1 MEDIUM | 6.5 MEDIUM |
A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2022-29503 | 3 Anker, Uclibc, Uclibc-ng Project | 4 Eufy Homebase 2, Eufy Homebase 2 Firmware, Uclibc and 1 more | 2022-10-03 | N/A | 9.8 CRITICAL |
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability. | |||||
CVE-2021-21955 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-09-02 | 5.0 MEDIUM | 7.5 HIGH |
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability. | |||||
CVE-2021-21953 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 6.8 MEDIUM | 8.1 HIGH |
An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges. | |||||
CVE-2021-21952 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges. | |||||
CVE-2021-21954 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 9.0 HIGH | 9.9 CRITICAL |
A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. | |||||
CVE-2021-21951 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 10.0 HIGH | 10.0 CRITICAL |
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution. | |||||
CVE-2021-21941 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 6.8 MEDIUM | 9.0 CRITICAL |
A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. | |||||
CVE-2021-21950 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 10.0 HIGH | 10.0 CRITICAL |
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution. | |||||
CVE-2021-21940 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 7.5 HIGH | 10.0 CRITICAL |
A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2022-21806 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network. |