CVE-2021-21955 HIGH

CVE-2021-21955

Vendor N/A
Product Anker
Weakness CWE-334
Published December 9, 2021
Last update August 3, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01Description

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.

Key dates

02Disclosure timeline

December 9, 2021 CVE published
August 3, 2024 Record updated