PT-2022-17624 · Anker · Anker Eufy Homebase 2
Lilith >_>
·
Published
2022-05-05
·
Updated
2022-10-27
·
CVE-2022-25989
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Anker Eufy Homebase 2 version 2.1.8.5h
Description
An authentication bypass issue exists in the libxm av.so getpeermac() functionality. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can trigger this issue by DHCP poisoning.
Recommendations
For Anker Eufy Homebase 2 version 2.1.8.5h, as a temporary workaround, consider restricting access to the
getpeermac() function in the libxm av.so module until a patch is available. Avoid using the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Anker Eufy Homebase 2