CVE-2021-21955
09.12.2021, 16:15
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.
Vendor | Product | Version |
---|---|---|
anker | eufy_homebase_2_firmware | 2.1.6.9h:h |
Common Weakness Enumeration
- CWE-334 - Small Space of Random Values: The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
- CWE-287 - Improper Authentication: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.