UUpdate (Nov. 29, 2021): Anker patched five other vulnerabilities in this product affecting the same version as originally listed in this blog. These have been added to the post.

Lilith >_> of Cisco Talos discovered this vulnerability.

Cisco Talos recently discovered two vulnerabilities in the Anker Eufy Homebase.

The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem. All Eufy devices connect to this cloud-connected device and allow users to adjust the settings on other Eufy Smarthome devices. TALOS-2021-1369 (CVE-2021-21940) is a heap-based buffer overflow vulnerability in Homebase’s pushMuxer processRtspInfo functionality. An attacker could send a malicious packet to trigger this vulnerability, causing a heap-based buffer overflow.

TALOS-2021-1370 (CVE-2021-21941) is a use-after-free vulnerability that could allow an attacker to execute remote code on the targeted device. Like the other vulnerability, an attacker needs to send a series of malicious packets to trigger this exploit.

TALOS-2021-1378 (CVE-2021-21950 and CVE-2021-21951) and TALOS-2021-1381 (CVE-2021-21954) could also allow an attacker to execute remote code.

There are all three privilege escalation vulnerabilities in Homebase: TALOS-2021-1379 (CVE-2021-21952), TALOS-2021-1380 (CVE-2021-21953) and TALOS-2021-1382 (CVE-2021-21955). TALOS-2021-1379 and TALOS-2021-1380 could allow an attacker to elevate their privileges if they're already on the infected machine, which could open the door to additional attacks. Alternatively, they could exploit TALOS-2021-1382 to trigger the password reset feature, allowing them to set a new password for the account in question.

Cisco Talos worked with Anker to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Anker Eufy Homebase 2, version Talos tested and confirmed these versions of Homebase could be exploited by this vulnerability.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 58075 - 58080, 58250, 58251 and 58298. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.