Security feature bypass

2017-11-2219:29:00

PRIOn knowledge base

www.prio-n.com

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

CPENameOperatorVersion
maya-l02_firmwareeq< maya-l2c636b126
vicky-al00a_firmwareeq< vicky-al0ac0b162
victoria-al00a_firmwareeq< victoria-al0ac0b167
vky-l09_firmwareeq< vky-l29c10b151
vky-l29_firmwareeq< vtr-l29c10b151
warsaw-al00_firmwareeq< warsaw-al0c0b200

Name	Operator	Version
maya-l02_firmware	eq	< maya-l2c636b126
vicky-al00a_firmware	eq	< vicky-al0ac0b162
victoria-al00a_firmware	eq	< victoria-al0ac0b167
vky-l09_firmware	eq	< vky-l29c10b151
vky-l29_firmware	eq	< vtr-l29c10b151
warsaw-al00_firmware	eq	< warsaw-al0c0b200