
Anker Eufy smart home hubs exposed to RCE attacks due to critical flaw


Anker’s central hub for smart home devices, Eufy Homebase 2, was affected by three vulnerabilities, including a critical remote code execution (RCE) flaw.

Homebase 2 is the video storage and networking gateway for all of Anker’s Eufy smart home devices, including video doorbells, indoor security cameras, smart locks, alarm systems and more.

Homebase acts as a central station for Eufy devices and connects to the cloud to provide services that enhance the functionality of those products, let users control them remotely via an app, and so on.

Researchers at Cisco Talos have discovered that Homebase 2 is plagued by three potentially dangerous vulnerabilities that can lead to privacy invasion, service disruption, and code execution.

Three Dangerous Flaws

The most severe of the trio, CVE-2022-21806, is a critical (CVSS: 10.0) RCE flaw that is triggered by sending a specially crafted set of network packets to the target device.

The flaw is a use-after-free issue in the functionality of an internal server that Homebase uses to receive specifically formatted messages from the network, such as for device pairing, configuration, etc.

The second vulnerability, tracked as CVE-2022-26073, is a high-severity (CVSS: 7.4) issue that is also triggered remotely by sending a set of specially crafted network packets.

Exploitation forces the device to reboot, so the main repercussion is a denial of service. However, in the context of home security systems, there are several scenarios where this flaw can come in handy for malicious actors.

Crash that causes device to reboot when repeated multiple times (Cisco Talos)

Finally, there is CVE-2022-25989, a high-severity (CVSS: 7.1) authentication bypass issue triggered by a specially crafted DHCP packet, which forces Homebase to send traffic to a remote server.

An attacker could potentially exploit this flaw to receive the video feed from connected camera devices and spy on the owners.

Fixes are available

Cisco Talos reported the above issues to Anker before they were made public, so the vendor had time to fix them through security updates.

Anker addressed these vulnerabilities in firmware versions 3.1.8.7 and 3.1.8.7h, which were released in April 2022.

That means most Homebase 2 devices that have not updated their firmware after purchase are vulnerable to the above flaws.

Cisco has published in-depth technical details on how to exploit the aforementioned flaws, so threat actors could use the available information to conduct actual attacks.

The easiest way to update your Eufy device’s firmware is through the app, as explained on the support webpage.
