CVE-2022-21806 CRITICAL

CVE-2022-21806

Vendor Anker
Product Eufy Homebase 2
Weakness CWE-368
Published June 17, 2022
Last update April 15, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

Key dates

02Disclosure timeline

June 17, 2022 CVE published
April 15, 2025 Record updated