Vulnerability Details CVE-2021-21955
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.5%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 5.0
References
Products affected by CVE-2021-21955
-
cpe:2.3:h:anker:eufy_homebase_2:-
-
cpe:2.3:o:anker:eufy_homebase_2_firmware:2.1.6.9h