"Severe Flaw in Anker Eufy Smart Home Hubs Makes Them Vulnerable to RCE Attacks"
Anker's primary smart home device hub, Eufy Homebase 2, was discovered to have three flaws, one of which was a severe Remote Code Execution (RCE) vulnerability. The Homebase 2 serves as a video storage and networking gateway for all of Anker's Eufy smart home products, including video doorbells, interior security cameras, alarm systems, smart locks, and more. Homebase is a central hub for Eufy devices, connecting to the cloud to enable services such as expanded product functionality and app-based remote control. According to Cisco Talos researchers, Homebase 2 has three potentially severe vulnerabilities that could lead to privacy intrusion, service interruption, and code execution. Before the flaws were made public, Cisco Talos notified Anker of the issues, allowing them time to address them with security upgrades. Anker addressed these security issues in April 2022 with firmware versions 3.1.8.7 and 3.1.8.7h. However, most Homebase 2 devices that have not had their firmware updated since purchase are still vulnerable to the exploitation of the discovered flaws. This article continues to discuss the potential exploitation and impact of the three security flaws found in the Eufy Homebase 2 smart home device hub.