CVE-2017-8173

Published: Nov 22, 2017Modified: May 13, 2026

4.6

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Affected (6)

Products: Huawei: Maya L02 Firmware, Vky L09 Firmware, Vky L29 Firmware, Vicky Al00a Firmware, Victoria Al00a Firmware, Warsaw Al00 Firmware

6 products

Victoria Al00a Firmware

Warsaw Al00 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Maya L02 Firmware	Before maya-l02c636b126

Running on/with	Platform Versions
Huawei Maya L02	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Vky L09 Firmware	Before vky-l29c10b151

Running on/with	Platform Versions
Huawei Vky L09	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Vky L29 Firmware	Before vtr-l29c10b151

Running on/with	Platform Versions
Huawei Vky L29	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Vicky Al00a Firmware	Before vicky-al00ac00b162

Running on/with	Platform Versions
Huawei Vicky Al00a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Victoria Al00a Firmware	Before victoria-al00ac00b167

Running on/with	Platform Versions
Huawei Victoria Al00a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Warsaw Al00 Firmware	Before warsaw-al00c00b200

Running on/with	Platform Versions
Huawei Warsaw Al00	All versions

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en

Source: psirt@huawei.com

Issue TrackingVendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.