What is the severity of CVE-2021-21951?

CVE-2021-21951 is considered a high severity vulnerability due to its potential for remote code execution.

How do I fix CVE-2021-21951?

To fix CVE-2021-21951, update the Anker Eufy Homebase 2 to the latest firmware version provided by the manufacturer.

What devices are affected by CVE-2021-21951?

CVE-2021-21951 affects the Anker Eufy Homebase 2 running firmware version 2.1.6.9h.

What type of vulnerability is CVE-2021-21951?

CVE-2021-21951 is an out-of-bounds write vulnerability that allows for potential code execution through malicious network packets.

Can CVE-2021-21951 be exploited remotely?

Yes, CVE-2021-21951 can be exploited remotely due to flaws in the CMD_DEVICE_GET_SERVER_LIST_REQUEST feature.

Vulnerability/
CVE-2021-21951

critical

CWE

1284 119

8/12/2021

3/8/2024

CVE-2021-21951: Buffer Overflow

First published: Wed Dec 08 2021(Updated: )

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.

Credit: talos-cna@cisco.com

Affected Software	Affected Version	How to fix
Anker Eufy Homebase 2 Firmware	=2.1.6.9h
Anker Eufy Homebase 2

Never miss a vulnerability like this again

Reference Links

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1378

Frequently Asked Questions

What is the severity of CVE-2021-21951?
CVE-2021-21951 is considered a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2021-21951?
To fix CVE-2021-21951, update the Anker Eufy Homebase 2 to the latest firmware version provided by the manufacturer.
What devices are affected by CVE-2021-21951?
CVE-2021-21951 affects the Anker Eufy Homebase 2 running firmware version 2.1.6.9h.
What type of vulnerability is CVE-2021-21951?
CVE-2021-21951 is an out-of-bounds write vulnerability that allows for potential code execution through malicious network packets.
Can CVE-2021-21951 be exploited remotely?
Yes, CVE-2021-21951 can be exploited remotely due to flaws in the CMD_DEVICE_GET_SERVER_LIST_REQUEST feature.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/last-modified-date
agent/severity
agent/author
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/anker
canonical/anker eufy homebase 2 firmware
version/anker eufy homebase 2 firmware/2.1.6.9h
canonical/anker eufy homebase 2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2021-21951?
CVE-2021-21951 is considered a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2021-21951?
To fix CVE-2021-21951, update the Anker Eufy Homebase 2 to the latest firmware version provided by the manufacturer.
What devices are affected by CVE-2021-21951?
CVE-2021-21951 affects the Anker Eufy Homebase 2 running firmware version 2.1.6.9h.
What type of vulnerability is CVE-2021-21951?
CVE-2021-21951 is an out-of-bounds write vulnerability that allows for potential code execution through malicious network packets.
Can CVE-2021-21951 be exploited remotely?
Yes, CVE-2021-21951 can be exploited remotely due to flaws in the CMD_DEVICE_GET_SERVER_LIST_REQUEST feature.