Description
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.
Published: 2026-03-25
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

The vulnerability in Eufy Homebase 2 firmware 3.3.4.1h results from a flaw in the cryptographic key management that allows a local attacker to read sensitive information. By exploiting improper key handling, the attacker can access data that should remain confidential, such as credentials or configuration files.

Affected Systems

The affected device is the Eufy Homebase 2, specifically firmware version 3.3.4.1h. No other product versions are listed in the advisory, so the impact is confined to this build.

Risk and Exploitability

The CVSS score of 7.7 categorizes the issue as high severity. EPSS data is not available and the vulnerability is not included in the CISA KEV catalog, indicating a lack of known public exploitation. The attack requires local access to the device, limiting the risk to environments where the hardware is reachable. An attacker could extract data without needing additional authentication.

Generated by OpenCVE AI on March 25, 2026 at 16:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the current firmware version on the Homebase 2 device.
  • Check the Eufy website or support channels for a newer firmware release that addresses this vulnerability.
  • Apply the updated firmware when it becomes available.
  • Restrict physical and local network access to the device to prevent unauthorized local attackers.
  • Monitor device logs for signs of unusual data extraction attempts.

Generated by OpenCVE AI on March 25, 2026 at 16:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Eufy
Eufy homebase 2
Vendors & Products Eufy
Eufy homebase 2

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Information Disclosure in Eufy Homebase 2 Firmware via Cryptographic Error

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-330
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Description An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.
References

Subscriptions

Eufy Homebase 2
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-25T14:49:35.823Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-51346

cve-icon Vulnrichment

Updated: 2026-03-25T14:49:04.781Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T14:16:28.967

Modified: 2026-03-25T15:41:33.977

Link: CVE-2024-51346

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T11:51:38Z

Weaknesses