CVE-2021-21952
CRITICAL WAF: Low
CVSS 9.8
Published: 2021-12-22
CWE-287
An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| anker | eufy_homebase_2_firmware | 2.1.6.9h |
References
- talosintelligence.com (Exploit, Third Party Advisory)