CVE-2019-5218

HIGH

8.8

Description

There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published11/29/2019

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

huawei:band_2huawei:band_2_firmwarehuawei:band_3huawei:band_3_firmware

Weaknesses (CWE)

CWE-287

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en(psirt@huawei.com)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.