CVE-2024-51346
Information Disclosure in Eufy Homebase 2 via Cryptographic Flaw
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eufy | homebase_2 | 3.3.4.1h |
| eufy | homebase_2 | up to 3.3.4.1h (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-330 | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Eufy Homebase 2 version 3.3.4.1h and allows a local attacker to obtain sensitive information by exploiting the cryptographic scheme used by the device.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information, which may compromise the confidentiality and integrity of data on the affected device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Eufy Homebase 2 allows attackers to obtain sensitive information by decrypting stored media and live streams due to weak cryptographic key generation. This results in a total loss of confidentiality for user data.
Such a loss of confidentiality can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require adequate protection of personal and sensitive information to prevent unauthorized access.
Specifically, the exposure of sensitive media and live streams could violate principles of data security and privacy mandated by these standards, potentially resulting in legal and regulatory consequences for affected organizations or users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by capturing and analyzing network traffic or stored media files from the Eufy Homebase 2 device. Specifically, one can intercept the P2P connection handshakes and extract the "eufysecurity" header to obtain the Serial Number and PPCS_ID parameters, which are used to reconstruct the encryption keys.
Tools such as Wireshark can be used to capture and analyze the P2P communication packets. Additionally, extracting stored media files and inspecting their headers for the "Eufy header" can help identify the presence of weak encryption.
Commands or steps to detect the vulnerability might include:
- Use Wireshark to capture network traffic on the local network segment where the Homebase 2 device communicates.
- Filter captured packets for P2P handshake messages containing the PPCS_ID and Serial Number.
- Extract the "eufysecurity" header from media files stored on the device or backup to analyze the metadata.
- Use scripts or tools (potentially from the referenced research) to reconstruct AES keys from the extracted parameters and attempt decryption of media headers or live streams.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Eufy Homebase 2 device firmware to a version later than 3.3.4.1h in which the vulnerability has been patched.
Since the vulnerability allows passive attackers to decrypt media and streams without authentication, it is critical to apply the official security update provided by the vendor as soon as possible.
Additional steps include restricting local network access to the Homebase 2 device to trusted users only and monitoring network traffic for suspicious activity related to P2P connections.
If firmware updates are not immediately available, consider isolating the device on a separate VLAN or network segment to limit exposure.