Headline
Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem…
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2.
The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem. All Eufy devices connect to this cloud-connected device and allow users to adjust the settings on other Eufy Smarthome devices.
TALOS-2022-1440 (CVE-2022-21806) is a use-after-free vulnerability an attacker could exploit by sending specially crafted packets to the targeted device. If successful, they could then execute remote code. Similarly, TALOS-2022-1480 (CVE-2022-26073) can also be triggered by specially crafted packets, but in this case, it forces the device to reboot.
TALOS-2022-1479 (CVE-2022-25989) could allow an adversary to bypass authentication on the device and have traffic sent to an attacker-controlled device rather than the Homebase. This vulnerability is triggered when the attacker sends the device a specially crafted DHCP packet.
Cisco Talos worked with Anker to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: Anker Eufy Homebase 2, version 2.1.8.5h. Talos tested and confirmed these versions of Homebase could be exploited by these vulnerabilities.
The following Snort rules will detect exploitation attempts against this vulnerability: 59267. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Related news
A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.
A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability.
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability.