CVE-2019-5271 - OpenCVE

There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Myna Myna Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:myna_firmware:9.0.1.9\(h100sp6c00\):::::::*
	cpe:2.3:o:huawei:myna_firmware:9.0.1.10\(h100sp5c00\):::::::*
	cpe:2.3:o:huawei:myna_firmware:9.0.1.10\(h100sp8c00\):::::::*
	cpe:2.3:o:huawei:myna_firmware:9.0.1.10\(h100sp10c00\):::::::*
	cpe:2.3:o:huawei:myna_firmware:9.0.1.10\(h100sp11c00\):::::::*
	cpe:2.3:o:huawei:myna_firmware:9.0.1.10\(h100sp12c00\):::::::*

cpe:2.3:h:huawei:myna:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2019-11-29T20:16:57

Updated: 2024-08-04T19:47:56.971Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5271

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-29T21:15:11.433

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5271

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Myna", "vendor": "n/a", "versions": [{"status": "affected", "version": "9.0.1.10(H100SP10C00), 9.0.1.10(H100SP11C00), 9.0.1.10(H100SP12C00), 9.0.1.10(H100SP5C00), 9.0.1.10(H100SP8C00), 9.0.1.9(H100SP6C00),"}]}], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations."}], "problemTypes": [{"descriptions": [{"description": "Information Leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-29T20:16:57", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5271", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Myna", "version": {"version_data": [{"version_value": "9.0.1.10(H100SP10C00), 9.0.1.10(H100SP11C00), 9.0.1.10(H100SP12C00), 9.0.1.10(H100SP5C00), 9.0.1.10(H100SP8C00), 9.0.1.9(H100SP6C00),"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leak"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.971Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5271", "datePublished": "2019-11-29T20:16:57", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.971Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.9\\(h100sp6c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "A8B09A43-272E-40DE-97F7-83A0C1082C92", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.10\\(h100sp5c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "2F4E719C-1E3E-40E0-AF41-C836962AB6D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.10\\(h100sp8c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "7D20DF90-59EA-47A4-8F84-484359D202E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.10\\(h100sp10c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "F2D424E1-B143-43A1-BB54-F31A8090B581", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.10\\(h100sp11c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "FDB3D8A2-E00A-4F92-8C8C-10817BDED8E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:myna_firmware:9.0.1.10\\(h100sp12c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "BFF9D5A7-82D7-4779-865E-D66FA1536229", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:myna:-:*:*:*:*:*:*:*", "matchCriteriaId": "BACFD2A8-564D-4212-973D-F6C5FC0BA689", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en el altavoz inteligente Myna de Huawei. Cuando el altavoz inteligente se empareja con la nube mediante Wi-Fi, el altavoz procesa incorrectamente algunos datos. Los atacantes pueden explotar esta vulnerabilidad para leer y modificar configuraciones espec\u00edficas de altavoces por medio de una serie de operaciones."}], "id": "CVE-2019-5271", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-29T21:15:11.433", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}