Eufy HomeBase 2 model T8010X Vulnerable to WPA2-PSK Deprecation
CVE-2023-37822

8.2HIGH

Key Information:

Vendor: Eufy
Status: Homebase 2 Firmware
Vendor: CVE Published:; 3 October 2024

What is CVE-2023-37822?

The Eufy Homebase 2 presents a significant vulnerability due to its implementation of a dedicated wireless network that functions as a proxy for the user's primary network. The mechanism used to generate the WPA2-PSK for this network relies solely on the product's serial number, leading to predictable keys. This flaw allows an attacker within the vicinity of the dedicated network to execute brute force attacks efficiently, potentially gaining access to the user's primary network without authorization. The implications of this vulnerability emphasize the need for enhanced security measures in device configurations, particularly for home automation systems.

References

http://anker.com

http://eufy.com

https://www.usenix.org/conference/woot24/presentation/goeman

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2024
Vulnerability Reserved
Jul 10, 2023

CVE-2023-37822 Data

JSON