anker CVE Vulnerabilities & Metrics

Focus on anker vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About anker Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with anker. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total anker CVEs: 13
Earliest CVE date: 08 Dec 2018, 18:29 UTC
Latest CVE date: 29 Sep 2022, 17:15 UTC

Latest CVE reference: CVE-2022-29503

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical anker CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.91

Max CVSS: 10.0

Critical CVEs (≥9): 3

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	5
7.0-8.9	4
9.0-10.0	3

CVSS Distribution Chart

Top 5 Highest CVSS anker CVEs

These are the five CVEs with the highest CVSS scores for anker, sorted by severity first and recency.

CVE-2021-21951 anker Published on 08 Dec 2021, 22:15 UTC (CVSS: 10.0)
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.
CVE-2021-21950 anker Published on 08 Dec 2021, 22:15 UTC (CVSS: 10.0)
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution.
CVE-2021-21954 anker Published on 09 Dec 2021, 16:15 UTC (CVSS: 9.0)
A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.
CVE-2018-19980 anker Published on 08 Dec 2018, 18:29 UTC (CVSS: 7.8)
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
CVE-2022-21806 anker Published on 17 Jun 2022, 18:15 UTC (CVSS: 7.5)
A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

All CVEs for anker

CVE-2022-29503 anker vulnerability CVSS: 0 29 Sep 2022, 17:15 UTC

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.

CVE-2022-21806 anker vulnerability CVSS: 7.5 17 Jun 2022, 18:15 UTC

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

CVE-2022-26073 anker vulnerability CVSS: 6.1 05 May 2022, 18:15 UTC

A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability.

CVE-2022-25989 anker vulnerability CVSS: 5.8 05 May 2022, 18:15 UTC

An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability.

CVE-2021-21953 anker vulnerability CVSS: 6.8 22 Dec 2021, 19:15 UTC

An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges.

CVE-2021-21952 anker vulnerability CVSS: 7.5 22 Dec 2021, 19:15 UTC

An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.

CVE-2021-21955 anker vulnerability CVSS: 5.0 09 Dec 2021, 16:15 UTC

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.

CVE-2021-21954 anker vulnerability CVSS: 9.0 09 Dec 2021, 16:15 UTC

A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.

CVE-2021-21951 anker vulnerability CVSS: 10.0 08 Dec 2021, 22:15 UTC

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.

CVE-2021-21950 anker vulnerability CVSS: 10.0 08 Dec 2021, 22:15 UTC

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution.

CVE-2021-21941 anker vulnerability CVSS: 6.8 12 Oct 2021, 14:15 UTC

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

CVE-2021-21940 anker vulnerability CVSS: 7.5 12 Oct 2021, 14:15 UTC

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2018-19980 anker vulnerability CVSS: 7.8 08 Dec 2018, 18:29 UTC

Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.