CVE-2024-51346
Awaiting Analysis Awaiting Analysis - Queue
Information Disclosure in Eufy Homebase 2 via Cryptographic Flaw

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: MITRE

Description
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2024-51346
EUVD
EUVD-2024-55498
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
eufy homebase_2 3.3.4.1h
eufy homebase_2 to 3.3.4.1h (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Eufy Homebase 2 allows attackers to obtain sensitive information by decrypting stored media and live streams due to weak cryptographic key generation. This results in a total loss of confidentiality for user data.

Such a loss of confidentiality can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require adequate protection of personal and sensitive information to prevent unauthorized access.

Specifically, the exposure of sensitive media and live streams could violate principles of data security and privacy mandated by these standards, potentially resulting in legal and regulatory consequences for affected organizations or users.

Executive Summary

This vulnerability exists in Eufy Homebase 2 version 3.3.4.1h and allows a local attacker to obtain sensitive information by exploiting the cryptographic scheme used by the device.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information, which may compromise confidentiality and integrity of data on the affected device.

Detection Guidance

This vulnerability can be detected by capturing and analyzing network traffic or stored media files from the Eufy Homebase 2 device. Specifically, one can intercept the P2P connection handshakes and extract the "eufysecurity" header to obtain the Serial Number and PPCS_ID parameters, which are used to reconstruct the encryption keys.

Tools such as Wireshark can be used to capture and analyze the P2P communication packets. Additionally, extracting stored media files and inspecting their headers for the "Eufy header" can help identify the presence of weak encryption.

Commands or steps to detect the vulnerability might include:

  • Use Wireshark to capture network traffic on the local network segment where the Homebase 2 device communicates.
  • Filter captured packets for P2P handshake messages containing the PPCS_ID and Serial Number.
  • Extract the "eufysecurity" header from media files stored on the device or backup to analyze the metadata.
  • Use scripts or tools (potentially from the referenced research) to reconstruct AES keys from the extracted parameters and attempt decryption of media headers or live streams.
Mitigation Strategies

Immediate mitigation steps include updating the Eufy Homebase 2 device firmware to a version later than 3.3.4.1h where the vulnerability has been patched.

Since the vulnerability allows passive attackers to decrypt media and streams without authentication, it is critical to apply the official security update provided by the vendor as soon as possible.

Additional steps include restricting local network access to the Homebase 2 device to trusted users only and monitoring network traffic for suspicious activity related to P2P connections.

If firmware updates are not immediately available, consider isolating the device on a separate VLAN or network segment to limit exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-51346. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart