CVE-2021-21950

Exploit

EPSS 0.88%
Published 08.12.2021 22:15:08
Last modified 21.11.2024 05:49:18
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Anker ≫ Eufy Homebase 2 Firmware Version2.1.6.9h

Anker ≫ Eufy Homebase 2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.88%	0.744

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
talos-cna@cisco.com	10	3.9	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1378

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-21950

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21950

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21950

EUVD