The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.
History

Tue, 29 Oct 2024 15:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Eufy; Eufy homebase 2; Eufy homebase 2 Firmware
Weaknesses | | CWE-331
CPEs | | cpe:2.3:h:eufy:homebase_2:-:*:*:*:*:*:*:*; cpe:2.3:o:eufy:homebase_2_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Eufy; Eufy homebase 2; Eufy homebase 2 Firmware
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N'}


Fri, 04 Oct 2024 13:30:00 +0000

Type | Values Removed | Values Added
Description | Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK. | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.
References | |

Thu, 03 Oct 2024 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-10-03T00:00:00

Updated: 2024-10-04T13:20:04.244595

Reserved: 2023-07-10T00:00:00

Link: CVE-2023-37822

Vulnrichment

Updated: 2024-10-03T19:27:09.810Z

NVD

Status: Analyzed

Published: 2024-10-03T18:15:04.443

Modified: 2024-10-29T14:47:05.997

Link: CVE-2023-37822

Redhat

No data.