CVE-2019-5218
HIGHHuawei Band 2 and Honor Band 3 - Insufficient Authentication
Title source: llmDescription
There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191106-01-band-en
Scores
CVSS v3
8.8
EPSS
0.0010
EPSS Percentile
27.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
huawei/band_2_firmware
< eris-b19\/eris-b29_1.2.53
huawei/band_3_firmware
< nyx-b10hn_1.5.53
Published
Nov 29, 2019
Tracked Since
Feb 18, 2026