Vulnerabilities > CVE-2022-21806 - Use After Free vulnerability in Anker Eufy Homebase 2 Firmware 2.1.8.5H

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

anker

CWE-416

critical

NVD

Published: 2022-06-17

Updated: 2022-06-28

Summary

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

Vulnerable Configurations

Part	Description	Count
OS	Anker Anker Eufy Homebase 2 Firmware 2.1.8.5H	1
Hardware	Anker Anker Eufy Homebase 2 -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1440