Login Sign Up

CVE-2021-21952

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

An authentication bypass vulnerability in Anker Eufy Homebase 2 allows attackers to gain elevated privileges without valid credentials by sending specially crafted network packets. This affects all users of the vulnerable firmware version. Attackers could potentially take full control of the home security system.

💻 Affected Systems

Products:
  • Anker Eufy Homebase 2
Versions: 2.1.6.9h
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the home_security binary's CMD_DEVICE_GET_RSA_KEY_REQUEST functionality.

📦 What is this software?

Eufy Homebase 2 Firmware by Anker

View all CVEs affecting Eufy Homebase 2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the home security system, allowing attackers to disable security features, access camera feeds, manipulate device settings, and potentially pivot to other network devices.

🟠

Likely Case

Unauthorized access to the home security system with administrative privileges, enabling surveillance bypass, device manipulation, and data exfiltration.

🟢

If Mitigated

Limited impact if network segmentation isolates the device and strong perimeter controls prevent external access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access to the device but no authentication. Exploitation involves sending crafted packets to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.8.5h or later

Vendor Advisory: https://us.eufylife.com/pages/security

Restart Required: Yes

Instructions:

1. Log into Eufy Security app. 2. Navigate to device settings. 3. Check for firmware updates. 4. Apply update to version 2.1.8.5h or newer. 5. Reboot the Homebase 2 after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the Homebase 2 from untrusted networks and the internet

Firewall Rules

linux

Block external access to Homebase 2 management ports

iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport [PORT] -j DROP

🧯 If You Can't Patch

  • Disconnect the Homebase 2 from the internet and place it behind a firewall
  • Monitor network traffic for unusual authentication attempts or privilege escalation patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Eufy Security app: Settings > General > About Homebase > Firmware Version

Check Version:

Not applicable - check via mobile app interface only

Verify Fix Applied:

Confirm firmware version is 2.1.8.5h or newer in the Eufy Security app

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication events
  • Multiple failed authentication attempts followed by successful privileged access
  • Unexpected device configuration changes

Network Indicators:

  • Unusual network traffic to Homebase 2 management ports
  • Suspicious packet patterns matching exploit signatures

SIEM Query:

source="homebase" AND (event_type="authentication" AND result="success" AND user="unknown") OR (event_type="privilege_escalation")

📊 Metadata

CVE ID: CVE-2021-21952
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-288
Published: December 22, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-21952, you might also want to check these:

CVE-2024-2973 10.0

This CVE-2024-2973 is an authentication bypass vulnerability affecting Juniper Networks Session Smar...

Same vulnerability type (CWE-288)
CVE-2024-1709 10.0

CVE-2024-1709 is an authentication bypass vulnerability in ConnectWise ScreenConnect that allows att...

Same vulnerability type (CWE-288)
CVE-2024-10081 10.0

CVE-2024-10081 is an authentication bypass vulnerability in CodeChecker that allows attackers to gai...

Same vulnerability type (CWE-288)