CVE-2019-5218

HIGH

8.8

Beschreibung

There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorADJACENT_NETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht11/29/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

huawei:band_2huawei:band_2_firmwarehuawei:band_3huawei:band_3_firmware

Schwachen (CWE)

CWE-287

Referenzen

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en(psirt@huawei.com)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.