CVE-2023-37822

HIGH EPSS 19.7%
Published Oct 3, 20241y ago · Modified Jun 17, 20262w ago
8.2 CVSS 3.1
High
Find Similar
Published Oct 3, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.

CVSS Details

Base Score
8.2
Exploitability
2.8
Impact
4.7
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality High
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
19.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-331

Affected Products 2

VendorProductVersionRange
eufyhomebase_2_firmware* <3.3.4.1h
eufyhomebase_2*any

References 4

  • anker.com http://anker.com
    Product
  • eufy.com http://eufy.com
    Product
  • usenix.org https://www.usenix.org/conference/woot24/presentation/goeman
    Technical Description
  • usenix.org https://www.usenix.org/system/files/woot24-goeman.pdf
    Technical Description

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.