CVE-2021-21955

High

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy…

talos·CWE-334·Published 2021-12-09

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

280 chars

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.

NVDen

280 chars

NVDes

339 chars

Se presenta una vulnerabilidad de omisión de autenticación en la función get_aes_key_info_by_packetid() del binario home_security de Anker Eufy Homebase versión 2 2.1.6.9h. Un sniffing genérico de la red puede conllevar a una recuperación de la contraseña. Un atacante puede olfatear el tráfico de red para desencadenar esta vulnerabilidad

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	7.7	—	—	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
3.0	Primary	cve.org	7.7	—	—	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
3.0	Secondary	NVD	7.7	2.2	5.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N