Lucene search

Huawei TechnologiesHUAWEI-SA-20180905-01-FRPBYPASS

HistorySep 05, 2018 - 12:00 a.m.

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

2018-09-0500:00:00

Huawei Technologies

www.huawei.com

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2017-12057)
This vulnerability has been assigned a CVE ID: CVE-2018-7939.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en

Affected configurations

Vulners

Node

huaweihedex_liteMatchvns-l53c605b120custc605d103

huaweihonor_5aMatchcam-l03c605b143custc605d008

huaweihonor_5aMatchcam-l21c10b145

huaweihonor_5aMatchcam-l21c185b156

huaweihonor_5aMatchcam-l21c223b133

huaweihonor_5aMatchcam-l21c432b210

huaweihonor_5aMatchcam-l21c464b170

huaweihonor_5aMatchcam-l21c636b245

huaweihonor_6xMatchberlin-l21c10b372

huaweihonor_6xMatchberlin-l21c185b363

huaweihonor_6xMatchberlin-l21c464b137

huaweihonor_6xMatchberlin-l23c605b161

huaweihonor_8Matchfrd-l09c10b387

huaweihonor_8Matchfrd-l09c185b387

huaweihonor_8Matchfrd-l09c432b398

huaweihonor_8Matchfrd-l09c636b387

huaweihonor_8Matchfrd-l19c10b387

huaweihonor_8Matchfrd-l19c432b399

huaweihonor_8Matchfrd-l19c636b387

CPENameOperatorVersion
g9 liteeqVNS-L53C605B120CUSTC605D103
honor 5aeqCAM-L03C605B143CUSTC605D008
honor 5aeqCAM-L21C10B145
honor 5aeqCAM-L21C185B156
honor 5aeqCAM-L21C223B133
honor 5aeqCAM-L21C432B210
honor 5aeqCAM-L21C464B170
honor 5aeqCAM-L21C636B245
honor 6xeqBerlin-L21C10B372
honor 6xeqBerlin-L21C185B363

Name	Operator	Version
g9 lite	eq	VNS-L53C605B120CUSTC605D103
honor 5a	eq	CAM-L03C605B143CUSTC605D008
honor 5a	eq	CAM-L21C10B145
honor 5a	eq	CAM-L21C185B156
honor 5a	eq	CAM-L21C223B133
honor 5a	eq	CAM-L21C432B210
honor 5a	eq	CAM-L21C464B170
honor 5a	eq	CAM-L21C636B245
honor 6x	eq	Berlin-L21C10B372
honor 6x	eq	Berlin-L21C185B363

Rows per page:

1-10 of 191

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for HUAWEI-SA-20180905-01-FRPBYPASS