CVE-2023-37822 – This vulnerability allows attackers within wire... (How to Fix)

Q: What is the severity of CVE-2023-37822?

CVE-2023-37822 has a CVSS score of 8.2 (HIGH). This vulnerability allows attackers within wireless range of a Eufy Homebase 2 device to brute-force the WPA2-PSK password within seconds due to flawed password generation based solely on the serial number. Once connected to the dedicated wireless network, attackers can gain unauthorized access to the user's primary network. All users of Eufy Homebase 2 devices with firmware before version 3.3.4.1h are affected.

📋 TL;DR

This vulnerability allows attackers within wireless range of a Eufy Homebase 2 device to brute-force the WPA2-PSK password within seconds due to flawed password generation based solely on the serial number. Once connected to the dedicated wireless network, attackers can gain unauthorized access to the user's primary network. All users of Eufy Homebase 2 devices with firmware before version 3.3.4.1h are affected.

💻 Affected Systems

Products:

Eufy Homebase 2

Versions: All firmware versions before 3.3.4.1h

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The dedicated wireless network is created by default when the device is set up. All devices with default configuration are vulnerable.

📦 What is this software?

Homebase 2 Firmware by Eufy

View all CVEs affecting Homebase 2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the user's primary network, allowing data theft, surveillance, malware deployment, and lateral movement to other connected devices.

🟠

Likely Case

Unauthorized network access enabling surveillance of connected devices, data interception, and potential access to other vulnerable devices on the network.

🟢

If Mitigated

Limited to unauthorized access to the dedicated wireless network only, with proper network segmentation preventing access to primary network resources.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Attack requires physical proximity to the wireless network but can be executed with standard wireless tools. The USENIX WOOT24 paper provides detailed exploitation methodology.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.4.1h

Vendor Advisory: http://eufy.com

Restart Required: Yes

Instructions:

1. Log into the Eufy Security app. 2. Navigate to Device Settings. 3. Select Homebase 2. 4. Check for firmware updates. 5. Apply firmware version 3.3.4.1h or later. 6. Restart the Homebase 2 device.

🔧 Temporary Workarounds

Disable dedicated wireless network

all

Turn off the dedicated wireless network feature in the Eufy Security app settings

Network segmentation

all

Isolate the Homebase 2 on a separate VLAN with strict firewall rules preventing access to primary network

🧯 If You Can't Patch

Physically relocate the Homebase 2 to limit wireless signal range and reduce attack surface
Implement MAC address filtering on the dedicated wireless network to restrict authorized devices only

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Eufy Security app under Device Settings > Homebase 2 > Firmware Version. If version is below 3.3.4.1h, the device is vulnerable.

Check Version:

Not applicable - check through Eufy Security app interface only

Verify Fix Applied:

Confirm firmware version is 3.3.4.1h or later in the Eufy Security app. Test wireless network security by attempting to connect with known vulnerable password generation methods.

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts on wireless network
Unauthorized MAC addresses connecting to the dedicated network

Network Indicators:

Unusual traffic patterns from Homebase 2 network to primary network
Wireless scanning tools detected in proximity

SIEM Query:

source="wireless_controller" AND (event_type="auth_failure" AND count>10) OR (event_type="new_device" AND NOT device_known)

📊 Metadata

CVE ID: CVE-2023-37822

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CWE: CWE-331

Published: October 3, 2024

Last Updated: November 25, 2024

🔗 References

http://anker.com Product
http://eufy.com Product
https://www.usenix.org/conference/woot24/presentation/goeman Technical Description
https://www.usenix.org/system/files/woot24-goeman.pdf Technical Description

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-37822, you might also want to check these: