Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7939

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.

Published

2018-09-12T15:29:01.233

Last Modified

2024-11-21T04:12:59.580

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	g9_lite_firmware	< vns-l53c605b120custc605d103	Yes
Hardware	huawei	g9_lite	-	No
Operating System	huawei	honor_5a_firmware	< cam-l03c605b143custc605d008	Yes
Hardware	huawei	honor_5a	-	No
Operating System	huawei	honor_5a_firmware	< cam-l21c10b145	Yes
Hardware	huawei	honor_5a	-	No
Operating System	huawei	honor_5a_firmware	< cam-l21c185b156	Yes
Hardware	huawei	honor_5a	-	No
Operating System	huawei	honor_5a_firmware	< cam-l21c223b133	Yes
Hardware	huawei	honor_5a	-	No
Operating System	huawei	honor_5a_firmware	< cam-l21c432b210	Yes
Hardware	huawei	honor_5a	-	No
Operating System	huawei	honor_5a	< cam-l21c464b170	Yes
Hardware	huawei	honor_5a	-	No
Operating System	huawei	honor_5a_firmware	< cam-l21c636b245	Yes
Hardware	huawei	honor_5a	-	No
Operating System	huawei	honor_6x_firmware	< berlin-l21c10b372	Yes
Hardware	huawei	honor_6x	-	No
Operating System	huawei	honor_6x_firmware	< berlin-l21c185b363	Yes
Hardware	huawei	honor_6x	-	No
Operating System	huawei	honor_6x_firmware	< berlin-l21c464b137	Yes
Hardware	huawei	honor_6x	-	No
Operating System	huawei	honor_6x_firmware	< berlin-l23c605b161	Yes
Hardware	huawei	honor_6x	-	No
Operating System	huawei	honor_8_firmware	< frd-l09c10b387	Yes
Hardware	huawei	honor_8	-	No
Operating System	huawei	honor_8_firmware	< frd-l09c185b387	Yes
Hardware	huawei	honor_8	-	No
Operating System	huawei	honor_8_firmware	< frd-l09c432b398	Yes
Hardware	huawei	honor_8	-	No
Operating System	huawei	honor_8_firmware	< frd-l09c636b387	Yes
Hardware	huawei	honor_8	-	No
Operating System	huawei	honor_8_firmware	< frd-l19c10b387	Yes
Hardware	huawei	honor_8	-	No
Operating System	huawei	honor_8_firmware	< frd-l19c432b399	Yes
Hardware	huawei	honor_8	-	No
Operating System	huawei	honor_8_firmware	< frd-l19c636b387	Yes
Hardware	huawei	honor_8	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)