CVE-2021-3555 - Vulnerability Details - OpenCVE

A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eufylife	Solo Indoorcam C24 Solo Indoorcam C24 Firmware Solo Indoorcam P24 Solo Indoorcam P24 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:eufylife:solo_indoorcam_c24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eufylife:solo_indoorcam_c24:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:eufylife:solo_indoorcam_p24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eufylife:solo_indoorcam_p24:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-05-31T09:45:12.553101Z

Updated: 2024-09-17T03:08:09.236Z

Reserved: 2021-05-18T00:00:00

Link: CVE-2021-3555

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-31T10:15:07.767

Modified: 2024-11-21T06:21:49.980

Link: CVE-2021-3555

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Indoor 2K Indoor Camera", "vendor": "Eufy", "versions": [{"lessThanOrEqual": "2.0.9.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Bitdefender Labs"}], "datePublic": "2022-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-31T09:45:12", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/"}], "solutions": [{"lang": "en", "value": "An update to a firmware version greater than 2.0.9.3 fixes the issue."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2022-05-31T09:00:00.000Z", "ID": "CVE-2021-3555", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Indoor 2K Indoor Camera", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.0.9.3"}]}}]}, "vendor_name": "Eufy"}]}}, "credit": [{"lang": "eng", "value": "Bitdefender Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/", "refsource": "MISC", "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/"}]}, "solution": [{"lang": "en", "value": "An update to a firmware version greater than 2.0.9.3 fixes the issue."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:08.142Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/"}]}]}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2021-3555", "datePublished": "2022-05-31T09:45:12.553101Z", "dateReserved": "2021-05-18T00:00:00", "dateUpdated": "2024-09-17T03:08:09.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:eufylife:solo_indoorcam_c24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "65A37EA0-5B0C-488F-806C-1F31397DCC7B", "versionEndIncluding": "2.0.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:eufylife:solo_indoorcam_c24:-:*:*:*:*:*:*:*", "matchCriteriaId": "079D365F-7DDE-4100-AAA4-6E0E1B165034", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:eufylife:solo_indoorcam_p24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF56CC8-EF0D-468F-A1FA-6D6BEEB42057", "versionEndIncluding": "2.0.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:eufylife:solo_indoorcam_p24:-:*:*:*:*:*:*:*", "matchCriteriaId": "94AAC5BE-85E0-481E-A4FE-206127DDD2B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento del b\u00fafer en el componente del servidor RSTP de la c\u00e1mara de interior Eufy Indoor 2K permite a un atacante local lograr la ejecuci\u00f3n remota de c\u00f3digo. Este problema afecta a: Eufy Indoor 2K Indoor Camera versi\u00f3n 2.0.9.3 y versiones anteriores"}], "id": "CVE-2021-3555", "lastModified": "2024-11-21T06:21:49.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-31T10:15:07.767", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-eufy2k-indoor-camera/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}