CVE-2018-7911

EUVD-2018-19623
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
huaweialp-al00b_firmware
8.0.0.106\(c00\)
huaweialp-al00b_firmware
8.0.0.113\(sp2c00\)
huaweialp-al00b_firmware
8.0.0.113\(sp3c00\)
huaweialp-al00b_firmware
8.0.0.113\(sp7c00\)
huaweialp-al00b_firmware
8.0.0.118\(c00\)
huaweialp-al00b_firmware
8.0.0.120\(sp2c00\)
huaweialp-al00b_firmware
8.0.0.125\(sp1c00\)
huaweialp-al00b_firmware
8.0.0.125\(sp3c00\)
huaweialp-al00b_firmware
8.0.0.126\(sp2c00\)
huaweialp-al00b_firmware
8.0.0.126\(sp5c00\)
huaweialp-al00b_firmware
8.0.0.127\(sp1c00\)
huaweialp-al00b_firmware
8.0.0.128\(sp2c00\)
huaweialp-al00b-rsc_firmware
1.0.0.2
huaweibla-tl00b_firmware
8.0.0.113\(sp7c01\)
huaweibla-tl00b_firmware
8.0.0.118\(c01\)
huaweibla-tl00b_firmware
8.0.0.120\(sp2c01\)
huaweibla-tl00b_firmware
8.0.0.125\(sp1c01\)
huaweibla-tl00b_firmware
8.0.0.125\(sp2c01\)
huaweibla-tl00b_firmware
8.0.0.125\(sp3c01\)
huaweibla-tl00b_firmware
8.0.0.126\(sp2c01\)
huaweibla-tl00b_firmware
8.0.0.126\(sp5c01\)
huaweibla-tl00b_firmware
8.0.0.127\(sp1c01\)
huaweibla-tl00b_firmware
8.0.0.128\(sp2c01\)
huaweibla-tl00b_firmware
8.0.0.129\(sp2c01\)
huaweicharlotte-al00a_firmware
8.1.0.105\(sp7c00\)
huaweicharlotte-al00a_firmware
8.1.0.106\(sp3c00\)
huaweicharlotte-al00a_firmware
8.1.0.107\(sp5c00\)
huaweicharlotte-al00a_firmware
8.1.0.107\(sp7c00\)
huaweicharlotte-al00a_firmware
8.1.0.108\(sp3c00\)
huaweicharlotte-al00a_firmware
8.1.0.108\(sp6c00\)
huaweicharlotte-al00a_firmware
8.1.0.109\(sp2c00\)
huaweiemily-al00a_firmware
8.1.0.105\(sp6c00\)
huaweiemily-al00a_firmware
8.1.0.106\(sp2c00\)
huaweiemily-al00a_firmware
8.1.0.107\(sp5c00\)
huaweiemily-al00a_firmware
8.1.0.107\(sp7c00\)
huaweiemily-al00a_firmware
8.1.0.108\(sp2c00\)
huaweiemily-al00a_firmware
8.1.0.108\(sp6c00\)
huaweiemily-al00a_firmware
8.1.0.109\(sp5c00\)
𝑥
= Vulnerable software versions
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en