
CVE-2023-37822

Severity: High

Published: 03 October 2024
Modified: 25 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)
EPSS Score: 0.0008 (23.6th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-37822 is a high-severity Insufficient Entropy (CWE-331) vulnerability in Eufy Homebase 2 Firmware. Its CVSS base score is 8.2 (High).

Operationally, its EPSS score ranks at the 23.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

eufy
homebase 2 firmware
≤ 3.3.4.1h

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-331

Approved key-establishment methods mandate sufficient entropy during key generation, eliminating entropy-starved keys.

References