Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7911

Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Published

2018-10-23T14:29:04.437

Last Modified

2024-11-21T04:12:57.430

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	alp-al00b_firmware	8.0.0.106\(c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.113\(sp2c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.113\(sp3c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.113\(sp7c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.118\(c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.120\(sp2c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.125\(sp1c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.125\(sp3c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.126\(sp2c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.126\(sp5c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.127\(sp1c00\)	Yes
Operating System	huawei	alp-al00b_firmware	8.0.0.128\(sp2c00\)	Yes
Hardware	huawei	alp-al00b	-	No
Operating System	huawei	alp-al00b-rsc_firmware	1.0.0.2	Yes
Hardware	huawei	alp-al00b-rsc	-	No
Operating System	huawei	bla-tl00b_firmware	8.0.0.113\(sp7c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.118\(c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.120\(sp2c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.125\(sp1c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.125\(sp2c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.125\(sp3c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.126\(sp2c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.126\(sp5c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.127\(sp1c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.128\(sp2c01\)	Yes
Operating System	huawei	bla-tl00b_firmware	8.0.0.129\(sp2c01\)	Yes
Hardware	huawei	bla-tl00b	-	No
Operating System	huawei	charlotte-al00a_firmware	8.1.0.105\(sp7c00\)	Yes
Operating System	huawei	charlotte-al00a_firmware	8.1.0.106\(sp3c00\)	Yes
Operating System	huawei	charlotte-al00a_firmware	8.1.0.107\(sp5c00\)	Yes
Operating System	huawei	charlotte-al00a_firmware	8.1.0.107\(sp7c00\)	Yes
Operating System	huawei	charlotte-al00a_firmware	8.1.0.108\(sp3c00\)	Yes
Operating System	huawei	charlotte-al00a_firmware	8.1.0.108\(sp6c00\)	Yes
Operating System	huawei	charlotte-al00a_firmware	8.1.0.109\(sp2c00\)	Yes
Hardware	huawei	charlotte-al00a	-	No
Operating System	huawei	emily-al00a_firmware	8.1.0.105\(sp6c00\)	Yes
Operating System	huawei	emily-al00a_firmware	8.1.0.106\(sp2c00\)	Yes
Operating System	huawei	emily-al00a_firmware	8.1.0.107\(sp5c00\)	Yes
Operating System	huawei	emily-al00a_firmware	8.1.0.107\(sp7c00\)	Yes
Operating System	huawei	emily-al00a_firmware	8.1.0.108\(sp2c00\)	Yes
Operating System	huawei	emily-al00a_firmware	8.1.0.108\(sp6c00\)	Yes
Operating System	huawei	emily-al00a_firmware	8.1.0.109\(sp5c00\)	Yes
Hardware	huawei	emily-al00a	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)