CVE-2021-21955
7.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Anker | Anker Eufy Homebase 2 2.1.6.9h | affected |
Weaknesses
- CWE-334: CWE-334: Small Space of Random Values
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.