Lucene search

Huawei TechnologiesHUAWEI-SA-IABVITHCSWSA-C385B2DC

HistoryFeb 08, 2023 - 12:00 a.m.

Security Advisory - Identity Authentication Bypass Vulnerability in The Huawei Children Smart Watch (Simba-AL00)

2023-02-0800:00:00

Huawei Technologies

www.huawei.com

huawei

smart watch

identity authentication

vulnerability

access control

cve-2022-48305

software

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

13.3%

JSON

The Huawei Children Smart Watch (Simba-AL00) has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail.(Vulnerability ID:HWPSIRT-2022-18770)
This vulnerability has been assigned a (CVE) ID: CVE-2022-48305

Affected configurations

Vulners

Node

huaweisimba-al00_firmwareMatchsimba-al00

huaweisimba-al00_firmwareMatch1.1.1.274

VendorProductVersionCPE
huaweisimba-al00_firmwaresimba-al00cpe:2.3:o:huawei:simba-al00_firmware:simba-al00:*:*:*:*:*:*:*
huaweisimba-al00_firmware1.1.1.274cpe:2.3:o:huawei:simba-al00_firmware:1.1.1.274:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	simba-al00_firmware	simba-al00	cpe:2.3:o:huawei:simba-al00_firmware:simba-al00:::::::*
huawei	simba-al00_firmware	1.1.1.274	cpe:2.3:o:huawei:simba-al00_firmware:1.1.1.274:::::::*

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

13.3%

JSON

Related for HUAWEI-SA-IABVITHCSWSA-C385B2DC