Anker Eufy Homebase 2 vulnerabilities

CVE-2022-29503 [CRITICAL] CWE-119 CVE-2022-29503: A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9. A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.

CVE-2022-21806 [CRITICAL] CWE-368 CVE-2022-21806: A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Euf A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

CVE-2022-25989 [HIGH] CWE-290 CVE-2022-25989: An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability.

CVE-2022-26073 [MEDIUM] CWE-190 CVE-2022-26073: A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability.