CVE-2021-21955

7.5 HIGH

📋 TL;DR

An authentication bypass vulnerability in Anker Eufy Homebase 2 allows attackers to recover passwords by sniffing network traffic. This affects users of the vulnerable firmware version who have their devices connected to untrusted networks. Attackers can potentially gain unauthorized access to the home security system.

💻 Affected Systems

Products:
  • Anker Eufy Homebase 2
Versions: 2.1.6.9h and possibly earlier versions
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of home security system, unauthorized access to cameras and sensors, potential physical security breach.

🟠 Likely Case: Unauthorized access to home security system, privacy violation through camera access, potential device takeover.

🟢 If Mitigated: Limited impact if device is isolated on trusted network with proper segmentation.

🌐 Internet-Facing: HIGH - Device is typically internet-connected for remote access, making it vulnerable to network sniffing attacks.
🏢 Internal Only: MEDIUM - Requires attacker to be on same network segment, but home networks often have multiple untrusted devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access but no authentication. Attack involves sniffing network traffic and analyzing packet IDs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for latest firmware (likely 2.1.7.x or later)

Vendor Advisory: https://us.eufylife.com/pages/security

Restart Required: Yes

Instructions:

1. Log into Eufy Security app.
2. Navigate to device settings.
3. Check for firmware updates.
4. Apply available update.
5. Device will restart automatically.

🔧 Temporary Workarounds

  • Network Segmentation (all): Isolate Homebase 2 on separate VLAN or network segment
  • Disable Remote Access (all): Turn off internet connectivity for Homebase 2 if local-only access is sufficient

🧯 If You Can't Patch

  • Physically disconnect from internet and use local-only access
  • Place behind firewall with strict inbound/outbound rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Eufy Security app under device settings. If version is 2.1.6.9h or earlier, device is vulnerable.

Check Version:

Not applicable - version check through mobile app only

Verify Fix Applied:

Confirm firmware version is updated to latest (post-2.1.6.9h) in Eufy Security app.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful access
  • Unusual network traffic patterns to/from Homebase 2

Network Indicators:

  • Unusual packet sniffing activity on network segment containing Homebase 2
  • Unexpected authentication traffic to Homebase 2

SIEM Query:

Not applicable - consumer IoT device typically lacks enterprise logging
