4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:C/A:N
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
4.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.2%
Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.
CPE | Name | Operator | Version |
---|---|---|---|
huawei:g9_lite_firmware | huawei g9 lite firmware | lt | vns-l53c605b120custc605d103 |
[
{
"product": "G9 Lite, Honor 5A, Honor 6X, Honor 8",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before VNS-L53C605B120CUSTC605D103, The versions before CAM-L03C605B143CUSTC605D008, The versions before CAM-L21C10B145, The versions before CAM-L21C185B156, The versions before CAM-L21C223B133, The versions before CAM-L21C432B210, The versions before CAM-L21C464B170, The versions before CAM-L21C636B245, The versions before Berlin-L21C10B372, The versions before Berlin-L21C185B363, The versions before Berlin-L21C464B137, The versions before Berlin-L23C605B161, The versions before FRD-L09C10B387, The versions before FRD-L09C185B387, The versions before FRD-L09C432B398, The versions before FRD-L09C636B387, The versions before FRD-L19C10B387, The versions before FRD-L19C432B399, The versions before FRD-L19C636B387,"
}
]
}
]
4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:C/A:N
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
4.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.2%