Multiple vulnerabilities in Eufy eufyCam 2



Published: 2021-11-30
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2021-21950
CVE-2021-21951
CVE-2021-21953
CVE-2021-21952
CVE-2021-21955
CVE-2021-21954
CWE-ID CWE-119
CWE-300
CWE-287
CWE-78
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
eufyCam 2
Hardware solutions / Security hardware applicances

Vendor Eufy

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU58445

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21950

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "recv_server_device_response_msg_process" function in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eufyCam 2: 2.1.6.9h


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1378

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU58446

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21951

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "read_udp_push_config_file" function in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eufyCam 2: 2.1.6.9h


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1378

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU58453

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21953

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to authentication bypass issue in the "process_msg()" function of the home_security binary. A remote attacker can perform perform a man-in-the-middle attack and gain elevated privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eufyCam 2: 2.1.6.9h


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1380

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Authentication

EUVDB-ID: #VU58452

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21952

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eufyCam 2: 2.1.6.9h


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1379

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Small Space of Random Values

EUVDB-ID: #VU58448

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21955

CWE-ID: -

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists due to improper authentication in the "get_aes_key_info_by_packetid()" function of the home_security binary. A remote attacker can recovery the password and bypass authentication.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eufyCam 2: 2.1.6.9h


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1382

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) OS Command Injection

EUVDB-ID: #VU58447

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21954

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the wifi_country_code_update functionality of the home_security binary. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

eufyCam 2: 2.1.6.9h


CPE2.3 External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1381

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###