CVE - CVE-2023-37822

CVE-ID
CVE-2023-37822	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://anker.com MISC:http://eufy.com MISC:https://www.usenix.org/conference/woot24/presentation/goeman MISC:https://www.usenix.org/system/files/woot24-goeman.pdf
Assigning CNA
MITRE Corporation
Date Record Created
20230710	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20230710)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)