Shodan
Vulnerabilities
Vulnerable Software
Anker:  >> Eufy Homebase 2 Firmware  >> 2.1.6.9h  Security Vulnerabilities
CVE-2021-21952
An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.
CVSS Score
9.4
EPSS Score
0.005
Published
2021-12-22
CVE-2021-21953
An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges.
CVSS Score
7.7
EPSS Score
0.003
Published
2021-12-22
CVE-2021-21954
A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.
CVSS Score
9.9
EPSS Score
0.017
Published
2021-12-09
CVE-2021-21955
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.
CVSS Score
7.7
EPSS Score
0.005
Published
2021-12-09
CVE-2021-21950
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution.
CVSS Score
10.0
EPSS Score
0.009
Published
2021-12-08
CVE-2021-21951
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.
CVSS Score
10.0
EPSS Score
0.009
Published
2021-12-08
CVE-2021-21940
A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score
10.0
EPSS Score
0.005
Published
2021-10-12
CVE-2021-21941
A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.
CVSS Score
10.0
EPSS Score
0.018
Published
2021-10-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved