The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.
History
Tue, 29 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Eufy; Eufy homebase 2; Eufy homebase 2 Firmware | |
Weaknesses | CWE-331 | |
CPEs | cpe:2.3:h:eufy:homebase_2:-:*:*:*:*:*:*:* cpe:2.3:o:eufy:homebase_2_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products | Eufy; Eufy homebase 2; Eufy homebase 2 Firmware | |
Metrics | cvssV3_1 | |
Fri, 04 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK. | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network. |
References | | |
Thu, 03 Oct 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Thu, 03 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK. | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-03T00:00:00
Updated: 2024-11-25T21:15:25.338Z
Reserved: 2023-07-10T00:00:00
Link: CVE-2023-37822
Vulnrichment
Updated: 2024-10-03T19:27:09.810Z
NVD
Status: Modified
Published: 2024-10-03T18:15:04.443
Modified: 2024-11-25T22:15:06.537
Link: CVE-2023-37822
Redhat
No data.