CVE-2021-21955
In short
A flaw in Anker Eufy Homebase 2 allows attackers to recover the device password by intercepting network traffic. An attacker on the same network can capture unencrypted information to bypass authentication and gain unauthorized access.
Technical detail
The get_aes_key_info_by_packetid() function in the home_security binary fails to properly protect encryption key information, allowing network sniffing to extract sensitive data used for authentication. An attacker with network access can passively intercept traffic to recover credentials without needing valid authentication, leading to unauthorized device control.
Summary generated and translated by AI from the official description.
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Affected products
n/a · Anker