CVE-2021-21950

Name of the Vulnerable Software and Affected Versions Anker Eufy Homebase 2 version 2.1.6.9h

Description An out-of-bounds write issue exists in the CMD DEVICE GET SERVER LIST REQUEST functionality of the home security binary, specifically in the recv server device response msg process function. This can be exploited by a specially-crafted network packet, potentially leading to code execution.

Recommendations For Anker Eufy Homebase 2 version 2.1.6.9h, consider disabling the recv server device response msg process function until a patch is available to prevent potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.