Vulnerability Description
There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Band 2 Firmware | < eris-b19\/eris-b29_1.2.53 |
| Huawei | Band 2 | - |
| Huawei | Band 3 Firmware | < nyx-b10hn_1.5.53 |
| Huawei | Band 3 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-enVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-enVendor Advisory
FAQ
What is CVE-2019-5218?
CVE-2019-5218 is a vulnerability with a CVSS score of 8.8 (HIGH). There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exp...
How severe is CVE-2019-5218?
CVE-2019-5218 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5218?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Band 2 Firmware, Huawei Band 2, Huawei Band 3 Firmware, Huawei Band 3.