CVEPublished 2024-10-03Modified 2026-07-051 article on news4 live referencesNVD data

CVE-2023-37822Eufy · Homebase_2_firmware

Vulnerability data via NVD (ingested)

CVSS v3.1
8.2
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
EPSS percentile
20
Exploit Prediction Scoring System · top 80% of all CVEs
Description

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.

Timeline
Published 2024-10-03
Modified 2026-07-05

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub (1)