Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2.

The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem. All Eufy devices connect to this cloud-connected device and allow users to adjust the settings on other Eufy Smarthome devices.

TALOS-2022-1440 (CVE-2022-21806) is a use-after-free vulnerability an attacker could exploit by sending specially crafted packets to the targeted device. If successful, they could then execute remote code. Similarly, TALOS-2022-1480 (CVE-2022-26073) can also be triggered by specially crafted packets, but in this case, it forces the device to reboot.

TALOS-2022-1479 (CVE-2022-25989) could allow an adversary to bypass authentication on the device and have traffic sent to an attacker-controlled device rather than the Homebase. This vulnerability is triggered when the attacker sends the device a specially crafted DHCP packet.

Cisco Talos worked with Anker to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Anker Eufy Homebase 2, version 2.1.8.5h. Talos tested and confirmed these versions of Homebase could be exploited by these vulnerabilities.

The following Snort rules will detect exploitation attempts against this vulnerability: 59267. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.