CVE-2021-21952

Name of the Vulnerable Software and Affected Versions Anker Eufy Homebase 2 version 2.1.6.9h

Description The issue is related to an authentication bypass in the CMD DEVICE GET RSA KEY REQUEST functionality of the home security binary. It can be exploited by a specially-crafted set of network packets, potentially leading to increased privileges. The vulnerability is associated with weaknesses in the authentication procedure, which can allow a remote attacker to bypass authentication or gain unauthorized access to the device.

Recommendations For Anker Eufy Homebase 2 version 2.1.6.9h, consider restricting access to the CMD DEVICE GET RSA KEY REQUEST functionality until a patch is available. As a temporary workaround, limit the exposure of the home security binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.