PT-2019-4292 · Huawei · Honor Band 3+1

Dr. Yury V. Zaytsev

Publicado

2019-11-06

Atualizado

2019-12-16

CVE-2019-5218

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huawei Band 2 (affected versions not specified) Honor Band 3 (affected versions not specified)

Description The issue is related to insufficient authentication in certain scenarios, allowing a remote attacker to potentially elevate their privileges. The band does not properly authenticate devices attempting to connect to it, which could enable an attacker to spoof and then connect to the band.

Recommendations For Huawei Band 2, update the firmware to a version that addresses the authentication issue. For Honor Band 3, update the firmware to a version that addresses the authentication issue. As a temporary workaround, consider restricting device connections to the band until a patch is available.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

BDU:2020-00007

CVE-2019-5218

Produtos afetados

Honor Band 3

Huawei Band 2

PT-2019-4292 · Huawei · Honor Band 3+1

CVE-2019-5218

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5