Multiple vulnerabilities in Eufy eufyCam 2
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2021-21950 CVE-2021-21951 CVE-2021-21953 CVE-2021-21952 CVE-2021-21955 CVE-2021-21954 |
| CWE-ID | CWE-119 CWE-300 CWE-287 CWE-78 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
eufyCam 2 Hardware solutions / Security hardware applicances |
| Vendor | Eufy |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU58445
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21950
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "recv_server_device_response_msg_process" function in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionseufyCam 2: 2.1.6.9h
CPE2.3
- cpe:2.3:h:eufy:eufycam_2:2.1.6.9h:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1378
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU58446
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21951
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "read_udp_push_config_file" function in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionseufyCam 2: 2.1.6.9h
CPE2.3
- cpe:2.3:h:eufy:eufycam_2:2.1.6.9h:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1378
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Man-in-the-Middle (MitM) attack
EUVDB-ID: #VU58453
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21953
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists due to authentication bypass issue in the "process_msg()" function of the home_security binary. A remote attacker can perform perform a man-in-the-middle attack and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionseufyCam 2: 2.1.6.9h
CPE2.3
- cpe:2.3:h:eufy:eufycam_2:2.1.6.9h:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1380
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Authentication
EUVDB-ID: #VU58452
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21952
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary. A remote attacker can bypass authentication process and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionseufyCam 2: 2.1.6.9h
CPE2.3
- cpe:2.3:h:eufy:eufycam_2:2.1.6.9h:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1379
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Small Space of Random Values
EUVDB-ID: #VU58448
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21955
CWE-ID:
-
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists due to improper authentication in the "get_aes_key_info_by_packetid()" function of the home_security binary. A remote attacker can recovery the password and bypass authentication.
MitigationInstall updates from vendor's website.
Vulnerable software versionseufyCam 2: 2.1.6.9h
CPE2.3
- cpe:2.3:h:eufy:eufycam_2:2.1.6.9h:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1382
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) OS Command Injection
EUVDB-ID: #VU58447
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21954
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the wifi_country_code_update functionality of the home_security binary. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionseufyCam 2: 2.1.6.9h
CPE2.3
- cpe:2.3:h:eufy:eufycam_2:2.1.6.9h:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1381
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
