Main Vulnerability Database SB2019110650

SB2019110650 - Improper Authentication in Huawei Band 2 and Honor Band 3

Published: November 6, 2019 Updated: November 14, 2019

Security Bulletin ID SB2019110650

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2019-5218)

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to the band does not sufficiently authenticate the device try to connect to it in certain scenario. An attacker on adjacent network can fake certain credential, spoof the band, then connect to it and gain unauthorized access to the application.

Remediation

Install update from vendor's website.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en