CVE-2021-21941

Опубликовано: 12 окт. 2021

Источник: nvd

CVSS3: 10

CVSS3: 9

CVSS2: 6.8

EPSS Низкий

Описание

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1370
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1370
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:anker:eufy_homebase_2_firmware:2.1.6.9h:*:*:*:*:*:*:*

cpe:2.3:h:anker:eufy_homebase_2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01802

Низкий

10 Critical

CVSS3

9 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-368

CWE-416

Связанные уязвимости

GHSA-8fwh-83cj-r97c

CVSS3: 8.1

github

больше 3 лет назад

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

EPSS

Процентиль: 82%

0.01802

Низкий

10 Critical

CVSS3

9 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-368

CWE-416