CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21951
https://notcve.org/view.php?id=CVE-2021-21951
08 Dec 2021 — An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad CMD_DEVICE_GET_SERVER_LIST_REQUEST del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h en la función read_udp_push_config_file. Un paquete de red espec... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1378 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21941
https://notcve.org/view.php?id=CVE-2021-21941
12 Oct 2021 — A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad pushMuxer CreatePushThread de Anker Eufy Homebase versión 2 2.1.6.9h. Un conjunto de paquetes de red especialmente diseñado puede conllevar a una ejecución de código remota • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1370 • CWE-368: Context Switching Race Condition CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21940
https://notcve.org/view.php?id=CVE-2021-21940
12 Oct 2021 — A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad pushMuxer processRtspInfo de Anker Eufy Homebase versión 2 2.1.6.9h. Un paquete de red especialmente diseñado puede conllevar a ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1369 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2018-4029
https://notcve.org/view.php?id=CVE-2018-4029
13 May 2019 — An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution. Se presenta una vulnerabilidad de ejecución de código explotable en la función de análisis de peticiones (request-parsing) de HTTP de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un pa... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0701 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4024
https://notcve.org/view.php?id=CVE-2018-4024
13 May 2019 — An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. Se presenta una vulnerabilidad de Denegación de Servicio (DoS) explotable en la funcionalidad thumbnail display de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un paquete especialmente manipula... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0696 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4027
https://notcve.org/view.php?id=CVE-2018-4027
13 May 2019 — An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. Se presenta una vulnerabilidad de Denegación de Servicio (DoS) explotable en el comando Wi-Fi XML_UploadFile de NT9665... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0699 • CWE-662: Improper Synchronization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4028
https://notcve.org/view.php?id=CVE-2018-4028
13 May 2019 — An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. Se presenta una vulnerabilidad explotable de actualización de firmware, en NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. El servidor HTTP... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0700 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2018-4018
https://notcve.org/view.php?id=CVE-2018-4018
13 May 2019 — An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability. Se presenta una vulnerabilidad explotable de actualización de firmware en NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. El se... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0689 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4025
https://notcve.org/view.php?id=CVE-2018-4025
13 May 2019 — An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. Se presenta una vulnerabilidad explotable de Denegación de Servicio (DoS) en el comando Wi-Fi XML_GetRawEncJpg Wi-Fi de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un paquete especialmente c... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0697 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4026
https://notcve.org/view.php?id=CVE-2018-4026
13 May 2019 — An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot. Se presenta una vulnerabilidad explotable de Denegación de Servicio (DoS) en el comando Wi-Fi XML_GetScreen del de NT9665X Chipset firmware ejecutado en Anker Roav A1 Dashcam, versión RoavA1SWV1.9. Un conjunto de paquetes es... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0698 • CWE-754: Improper Check for Unusual or Exceptional Conditions •