CVE-2021-3555

A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
BitdefenderCNA
7.6 HIGH
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
eufylifesolo_indoorcam_c24_firmware
𝑥
≤ 2.0.9.3
eufylifesolo_indoorcam_p24_firmware
𝑥
≤ 2.0.9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/