CVE-2023-37822

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-37822
The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
http://anker.com Product
http://eufy.com Product
https://www.usenix.org/conference/woot24/presentation/goeman Technical Description
https://www.usenix.org/system/files/woot24-goeman.pdf Technical Description
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:eufy:homebase_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:eufy:homebase_2:-:*:*:*:*:*:*:*
History

29 Oct 2024, 14:47

Type Values Removed Values Added
First Time Eufy homebase 2
Eufy
Eufy homebase 2 Firmware
CWE CWE-331
CPE cpe:2.3:h:eufy:homebase_2:-:*:*:*:*:*:*:*
cpe:2.3:o:eufy:homebase_2_firmware:*:*:*:*:*:*:*:*
References () http://anker.com - () http://anker.com - Product
References () http://eufy.com - () http://eufy.com - Product
References () https://www.usenix.org/conference/woot24/presentation/goeman - () https://www.usenix.org/conference/woot24/presentation/goeman - Technical Description
References () https://www.usenix.org/system/files/woot24-goeman.pdf - () https://www.usenix.org/system/files/woot24-goeman.pdf - Technical Description
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.2

04 Oct 2024, 14:15

Type Values Removed Values Added
References
  • () https://www.usenix.org/system/files/woot24-goeman.pdf -
Summary (en) Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK. (en) The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.

04 Oct 2024, 13:50

Type Values Removed Values Added
Summary
  • (es) Se descubrió que Eufy HomeBase 2 modelo T8010X v3.2.8.3h utiliza el protocolo inalámbrico obsoleto WPA2-PSK.

03 Oct 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-03 18:15

Updated : 2024-10-29 14:47

NVD link : CVE-2023-37822

Mitre link : CVE-2023-37822

CVE.ORG link : CVE-2023-37822

JSON object : View

Products Affected

eufy

  • homebase_2
  • homebase_2_firmware
CWE
CWE-331

Insufficient Entropy


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024