VAR-201911-0828
Vulnerability from variot - Updated: 2024-11-23 23:01There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band. Huawei Band 2 and Honor Band 3 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Bracelet 2 and Honor Bracelet 3 are both smart bracelets from China's Huawei.
Huawei Band 2 Eris-B19 / Eris-B29 versions prior to 1.2.53 and Honor Band 3 NYX-B10HN versions prior to 1.5.53 have security vulnerabilities, which originated from the program I can fully authenticate
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0828",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "band 2",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "band 3",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "band 3",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "nyx-b10hn_1.5.53"
},
{
"model": "band 2",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "eris-b19\\/eris-b29_1.2.53"
},
{
"model": "honor band 3",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "band 2",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "bracelet \u003ceris-b19 eris-b29",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "2/1.2.53"
},
{
"model": "bracelet eris-b19 eris-b29 || glory bracelet nyx-b10hn",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "2/3\u003c1.2.53"
},
{
"model": "honor band \u003cnyx-b10hn",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "31.5.53"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
},
{
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:band_3_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:band_2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
}
]
},
"cve": "CVE-2019-5218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2019-5218",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2019-41254",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-5218",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5218",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5218",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-5218",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41254",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-354",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
},
{
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band. Huawei Band 2 and Honor Band 3 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Bracelet 2 and Honor Bracelet 3 are both smart bracelets from China\u0027s Huawei. \n\nHuawei Band 2 Eris-B19 / Eris-B29 versions prior to 1.2.53 and Honor Band 3 NYX-B10HN versions prior to 1.5.53 have security vulnerabilities, which originated from the program I can fully authenticate",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5218"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "CNVD",
"id": "CNVD-2019-41254"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5218",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41254",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-354",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
},
{
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"id": "VAR-201911-0828",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
}
],
"trust": 1.5166666666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
}
]
},
"last_update_date": "2024-11-23T23:01:38.939000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20191106-01-band",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en"
},
{
"title": "Patch for Insufficient certification of multiple Huawei bracelet products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/190789"
},
{
"title": "Huawei Huawei bracelet 2 And glory bracelet 3 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105195"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5218"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191106-01-band-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
},
{
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
},
{
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"date": "2019-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-354"
},
{
"date": "2019-11-29T20:15:11.020000",
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41254"
},
{
"date": "2019-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013083"
},
{
"date": "2019-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-354"
},
{
"date": "2024-11-21T04:44:32.337000",
"db": "NVD",
"id": "CVE-2019-5218"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Band 2 and Honor Band 3 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013083"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-354"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…