Sign-up

ID

VAR-201911-0261


CVE

CVE-2019-5271


TITLE

Huawei Myna Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-44558 // CNNVD: CNNVD-201911-1469

DESCRIPTION

There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations

Trust: 2.16

sources: NVD: CVE-2019-5271 // JVNDB: JVNDB-2019-012688 // CNVD: CNVD-2019-44558

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44558

AFFECTED PRODUCTS

vendor:huaweimodel:myna 9.0.1.10scope: - version: -

Trust: 3.0

vendor:huaweimodel:mynascope:eqversion:9.0.1.10\(h100sp8c00\)

Trust: 1.0

vendor:huaweimodel:mynascope:eqversion:9.0.1.10\(h100sp11c00\)

Trust: 1.0

vendor:huaweimodel:mynascope:eqversion:9.0.1.10\(h100sp10c00\)

Trust: 1.0

vendor:huaweimodel:mynascope:eqversion:9.0.1.10\(h100sp12c00\)

Trust: 1.0

vendor:huaweimodel:mynascope:eqversion:9.0.1.9\(h100sp6c00\)

Trust: 1.0

vendor:huaweimodel:mynascope:eqversion:9.0.1.10\(h100sp5c00\)

Trust: 1.0

vendor:huaweimodel:mynascope: - version: -

Trust: 0.8

vendor:huaweimodel:myna 9.0.1.9scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-44558 // JVNDB: JVNDB-2019-012688 // NVD: CVE-2019-5271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5271
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5271
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44558
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-1469
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-5271
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44558
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5271
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-5271
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-44558 // JVNDB: JVNDB-2019-012688 // CNNVD: CNNVD-201911-1469 // NVD: CVE-2019-5271

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-012688 // NVD: CVE-2019-5271

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1469

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-1469

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012688

PATCH
title:huawei-sa-20191127-01-mynaurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en
Trust: 0.8
title:Patch for Huawei Myna Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/193535
Trust: 0.6
title:Huawei Myna Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103734
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44558 // 
            
            
            
            JVNDB: JVNDB-2019-012688 // 
            
            
            
            CNNVD: CNNVD-201911-1469

EXTERNAL IDS
db:NVDid:CVE-2019-5271
Trust: 3.0
db:JVNDBid:JVNDB-2019-012688
Trust: 0.8
db:CNVDid:CNVD-2019-44558
Trust: 0.6
db:CNNVDid:CNNVD-201911-1469
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44558 // 
            
            
            
            JVNDB: JVNDB-2019-012688 // 
            
            
            
            CNNVD: CNNVD-201911-1469 // 
            
            
            
            NVD: CVE-2019-5271

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5271
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191127-01-myna-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5271
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-44558 // 
            
            
            
            JVNDB: JVNDB-2019-012688 // 
            
            
            
            CNNVD: CNNVD-201911-1469 // 
            
            
            
            NVD: CVE-2019-5271

CREDITS
The vulnerability was discovered by Huawei internal testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201911-1469

SOURCES
db:CNVDid:CNVD-2019-44558
db:JVNDBid:JVNDB-2019-012688
db:CNNVDid:CNNVD-201911-1469
db:NVDid:CVE-2019-5271

LAST UPDATE DATE
2024-11-23T23:01:39.425000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44558date:2019-12-10T00:00:00
db:JVNDBid:JVNDB-2019-012688date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-1469date:2020-08-25T00:00:00
db:NVDid:CVE-2019-5271date:2024-11-21T04:44:38.797

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-44558date:2019-12-10T00:00:00
db:JVNDBid:JVNDB-2019-012688date:2019-12-11T00:00:00
db:CNNVDid:CNNVD-201911-1469date:2019-11-27T00:00:00
db:NVDid:CVE-2019-5271date:2019-11-29T21:15:11.433