Security feature bypass

2017-11-2219:29:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

CPENameOperatorVersion
berlin-l21_firmwareeqberlin-l21c10b130
berlin-l21_firmwareeqberlin-l21c185b133
berlin-l21hn_firmwareeqberlin-l21hnc10b131
berlin-l21hn_firmwareeqberlin-l21hnc185b140
berlin-l21hn_firmwareeqberlin-l21hnc432b151
berlin-l22_firmwareeqberlin-l22c636b160
berlin-l22hn_firmwareeqberlin-l22hnc636b130
berlin-l22hn_firmwareeqberlin-l22hnc675b150custc675d1
berlin-l23_firmwareeqberlin-l23c605b131
berlin-l24hn_firmwareeqberlin-l24hnc567b110

Name	Operator	Version
berlin-l21_firmware	eq	berlin-l21c10b130
berlin-l21_firmware	eq	berlin-l21c185b133
berlin-l21hn_firmware	eq	berlin-l21hnc10b131
berlin-l21hn_firmware	eq	berlin-l21hnc185b140
berlin-l21hn_firmware	eq	berlin-l21hnc432b151
berlin-l22_firmware	eq	berlin-l22c636b160
berlin-l22hn_firmware	eq	berlin-l22hnc636b130
berlin-l22hn_firmware	eq	berlin-l22hnc675b150custc675d1
berlin-l23_firmware	eq	berlin-l23c605b131
berlin-l24hn_firmware	eq	berlin-l24hnc567b110