CVE-2019-5271

EUVD-2019-14876
There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
huaweimyna_firmware
9.0.1.9\(h100sp6c00\)
huaweimyna_firmware
9.0.1.10\(h100sp5c00\)
huaweimyna_firmware
9.0.1.10\(h100sp8c00\)
huaweimyna_firmware
9.0.1.10\(h100sp10c00\)
huaweimyna_firmware
9.0.1.10\(h100sp11c00\)
huaweimyna_firmware
9.0.1.10\(h100sp12c00\)
𝑥
= Vulnerable software versions
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-01-myna-en