PT-2019-4292 · Huawei · Honor Band 3+1

Dr. Yury V. Zaytsev

Published

2019-11-06

Updated

2019-12-16

CVE-2019-5218

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Huawei Band 2 (affected versions not specified) Honor Band 3 (affected versions not specified)

Description The issue is related to insufficient authentication in certain scenarios, allowing a remote attacker to potentially elevate their privileges. The band does not properly authenticate devices attempting to connect to it, which could enable an attacker to spoof and then connect to the band.

Recommendations For Huawei Band 2, update the firmware to a version that addresses the authentication issue. For Honor Band 3, update the firmware to a version that addresses the authentication issue. As a temporary workaround, consider restricting device connections to the band until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2020-00007

CVE-2019-5218

Affected Products

Honor Band 3

Huawei Band 2

PT-2019-4292 · Huawei · Honor Band 3+1

CVE-2019-5218

Weakness Enumeration

Related Identifiers

Affected Products

References · 5