CVE-2021-21955

Name of the Vulnerable Software and Affected Versions Anker Eufy Homebase 2 version 2.1.6.9h

Description An authentication bypass issue exists in the get aes key info by packetid() function of the home security binary. This is due to a limited number of possible random values. An attacker can exploit this by sniffing network traffic, potentially leading to password recovery. The vulnerability can be triggered remotely.

Recommendations For Anker Eufy Homebase 2 version 2.1.6.9h, consider disabling the get aes key info by packetid() function as a temporary workaround until a patch is available. Restrict access to the home security binary to minimize the risk of exploitation. Avoid using the affected system for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.