CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21953
https://notcve.org/view.php?id=CVE-2021-21953
22 Dec 2021 — An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges. Se presenta una vulnerabilidad de omisión de autenticación en la función process_msg() del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h. Un ataque de tipo man-in-the-middle especialmente diseñado puede conllevar a un aumento de privilegios • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1380 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21952
https://notcve.org/view.php?id=CVE-2021-21952
22 Dec 2021 — An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges. Se presenta una vulnerabilidad de omisión de autenticación en la funcionalidad CMD_DEVICE_GET_RSA_KEY_REQUEST del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h. Un conjunto de paquetes de red especialmente diseñado puede conllevar a un aumento de privilegi... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1379 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21955
https://notcve.org/view.php?id=CVE-2021-21955
09 Dec 2021 — An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability. Se presenta una vulnerabilidad de omisión de autenticación en la función get_aes_key_info_by_packetid() del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h. Un sniffing genérico de la red puede conllevar a una recup... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1382 • CWE-287: Improper Authentication CWE-334: Small Space of Random Values •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21954
https://notcve.org/view.php?id=CVE-2021-21954
09 Dec 2021 — A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. Se presenta una vulnerabilidad de ejecución de comandos en la funcionalidad wifi_country_code_update del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h. Un conjunto de paquetes de red especialmente diseñado puede conllevar a una ejecución de un comando arbitrar... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1381 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21950
https://notcve.org/view.php?id=CVE-2021-21950
08 Dec 2021 — An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad CMD_DEVICE_GET_SERVER_LIST_REQUEST del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h en la función recv_server_device_response_msg_proc... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1378 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21951
https://notcve.org/view.php?id=CVE-2021-21951
08 Dec 2021 — An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad CMD_DEVICE_GET_SERVER_LIST_REQUEST del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h en la función read_udp_push_config_file. Un paquete de red espec... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1378 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21941
https://notcve.org/view.php?id=CVE-2021-21941
12 Oct 2021 — A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad pushMuxer CreatePushThread de Anker Eufy Homebase versión 2 2.1.6.9h. Un conjunto de paquetes de red especialmente diseñado puede conllevar a una ejecución de código remota • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1370 • CWE-368: Context Switching Race Condition CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21940
https://notcve.org/view.php?id=CVE-2021-21940
12 Oct 2021 — A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad pushMuxer processRtspInfo de Anker Eufy Homebase versión 2 2.1.6.9h. Un paquete de red especialmente diseñado puede conllevar a ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1369 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •