Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-8173

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Published

2017-11-22T19:29:04.083

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System huawei maya-l02_firmware < maya-l02c636b126 Yes
Hardware huawei maya-l02 - No
Operating System huawei vky-l09_firmware < vky-l29c10b151 Yes
Hardware huawei vky-l09 - No
Operating System huawei vky-l29_firmware < vtr-l29c10b151 Yes
Hardware huawei vky-l29 - No
Operating System huawei vicky-al00a_firmware < vicky-al00ac00b162 Yes
Hardware huawei vicky-al00a - No
Operating System huawei victoria-al00a_firmware < victoria-al00ac00b167 Yes
Hardware huawei victoria-al00a - No
Operating System huawei warsaw-al00_firmware < warsaw-al00c00b200 Yes
Hardware huawei warsaw-al00 - No
References