Overview
- Description
- There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.
- Source
- psirt@huawei.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 6.4
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:band_2_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98AC909D-8B00-4DB0-BA5A-5C4F126A0858",
"versionEndExcluding": "eris-b19\\/eris-b29_1.2.53"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:band_2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "95205051-5193-43B9-A9B0-42B73022E123"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:band_3_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B395A525-F5E6-4704-A3BA-C2E32AB22956",
"versionEndExcluding": "nyx-b10hn_1.5.53"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:band_3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4761B221-53A5-4151-BB02-36F1ED8C2590"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]