Authentication flaw

2018-11-1319:29:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user’s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.

CPENameOperatorVersion
alp-al00b_firmwareeq8.0.118-dc0
alp-tl00b_firmwareeq8.0.118-dc1
bla-al00b_firmwareeq8.0.118-dc0
bla-l09c_firmwareeq8.0.127-c432
bla-l09c_firmwareeq8.0.128-c432
bla-l09c_firmwareeq8.0.137-c432
bla-l29c_firmwareeq8.0.127-c432
bla-l29c_firmwareeq8.0.137-c432

Name	Operator	Version
alp-al00b_firmware	eq	8.0.118-dc0
alp-tl00b_firmware	eq	8.0.118-dc1
bla-al00b_firmware	eq	8.0.118-dc0
bla-l09c_firmware	eq	8.0.127-c432
bla-l09c_firmware	eq	8.0.128-c432
bla-l09c_firmware	eq	8.0.137-c432
bla-l29c_firmware	eq	8.0.127-c432
bla-l29c_firmware	eq	8.0.137-c432