Lucene search

Huawei TechnologiesHUAWEI-SA-20180822-01-FRPBYPASS

HistoryAug 22, 2018 - 12:00 a.m.

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

2018-08-2200:00:00

Huawei Technologies

www.huawei.com

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.3%

JSON

There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2018-04042)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7911.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en

Affected configurations

Vulners

Node

huaweialp-al00b_firmwareMatch8.0.0.106

huaweialp-al00b_firmwareMatch8.0.0.113

huaweialp-al00b_firmwareMatch8.0.0.118

huaweialp-al00b_firmwareMatch8.0.0.120

huaweialp-al00b_firmwareMatch8.0.0.125

huaweialp-al00b_firmwareMatch8.0.0.126

huaweialp-al00b_firmwareMatch8.0.0.127

huaweialp-al00b_firmwareMatch8.0.0.128

huaweialp-al00b-rsc_firmwareMatch1.0.0.2

huaweibla-tl00b_firmwareMatch8.0.0.113

huaweibla-tl00b_firmwareMatch8.0.0.118

huaweibla-tl00b_firmwareMatch8.0.0.120

huaweibla-tl00b_firmwareMatch8.0.0.125

huaweibla-tl00b_firmwareMatch8.0.0.126

huaweibla-tl00b_firmwareMatch8.0.0.127

huaweibla-tl00b_firmwareMatch8.0.0.128

huaweibla-tl00b_firmwareMatch8.0.0.129

huaweicharlotte-al00a_firmwareMatch8.1.0.105

huaweicharlotte-al00a_firmwareMatch8.1.0.106

huaweicharlotte-al00a_firmwareMatch8.1.0.107

huaweicharlotte-al00a_firmwareMatch8.1.0.108

huaweicharlotte-al00a_firmwareMatch8.1.0.109

huaweiemily-al00a_firmwareMatch8.1.0.105

huaweiemily-al00a_firmwareMatch8.1.0.106

huaweiemily-al00a_firmwareMatch8.1.0.107

huaweiemily-al00a_firmwareMatch8.1.0.108

huaweiemily-al00a_firmwareMatch8.1.0.109

VendorProductVersionCPE
huaweialp-al00b_firmware8.0.0.106cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.106:*:*:*:*:*:*:*
huaweialp-al00b_firmware8.0.0.113cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113:*:*:*:*:*:*:*
huaweialp-al00b_firmware8.0.0.118cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.118:*:*:*:*:*:*:*
huaweialp-al00b_firmware8.0.0.120cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.120:*:*:*:*:*:*:*
huaweialp-al00b_firmware8.0.0.125cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.125:*:*:*:*:*:*:*
huaweialp-al00b_firmware8.0.0.126cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.126:*:*:*:*:*:*:*
huaweialp-al00b_firmware8.0.0.127cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.127:*:*:*:*:*:*:*
huaweialp-al00b_firmware8.0.0.128cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.128:*:*:*:*:*:*:*
huaweialp-al00b-rsc_firmware1.0.0.2cpe:2.3:o:huawei:alp-al00b-rsc_firmware:1.0.0.2:*:*:*:*:*:*:*
huaweibla-tl00b_firmware8.0.0.113cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.113:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	alp-al00b_firmware	8.0.0.106	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.106:::::::*
huawei	alp-al00b_firmware	8.0.0.113	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113:::::::*
huawei	alp-al00b_firmware	8.0.0.118	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.118:::::::*
huawei	alp-al00b_firmware	8.0.0.120	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.120:::::::*
huawei	alp-al00b_firmware	8.0.0.125	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.125:::::::*
huawei	alp-al00b_firmware	8.0.0.126	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.126:::::::*
huawei	alp-al00b_firmware	8.0.0.127	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.127:::::::*
huawei	alp-al00b_firmware	8.0.0.128	cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.128:::::::*
huawei	alp-al00b-rsc_firmware	1.0.0.2	cpe:2.3:o:huawei:alp-al00b-rsc_firmware:1.0.0.2:::::::*
huawei	bla-tl00b_firmware	8.0.0.113	cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.113:::::::*

Rows per page:

1-10 of 271

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.3%

JSON

Related for HUAWEI-SA-20180822-01-FRPBYPASS