CVE-2022-26073 — Integer Overflow or Wraparound in Eufy Homebase 2

CWE-190 — Integer Overflow or Wraparound4 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 75.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anker Eufy Homebase 2 Anker Eufy Homebase 2 Firmware

Timeline

PublishedMay 5

Latest updateJun 15

Description

A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5anker/eufy_homebase_22.1.8.5h

▶NVDanker/eufy_homebase_2_firmware2.1.8.5h

🔴Vulnerability Details

GHSA

GHSA-7j97-rqv4-wfhw: A denial of service vulnerability exists in the libxm_av↗2022-05-06

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass↗2022-06-15

▶

Talos

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass↗2022-06-15

▶