CVE-2018-7911

Published: Oct 23, 2018Modified: Nov 21, 2024

4.6

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Affected (38)

Products: Huawei: Alp Al00b Firmware, Alp Al00b Rsc Firmware, Bla Tl00b Firmware, Charlotte Al00a Firmware, Emily Al00a Firmware

Huawei

5 products

Alp Al00b Firmware

Alp Al00b Rsc Firmware

Bla Tl00b Firmware

Charlotte Al00a Firmware

Emily Al00a Firmware

Configuration A

12 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Alp Al00b Firmware	Version 8.0.0.106(c00)
Huawei Alp Al00b Firmware	Version 8.0.0.113(sp2c00)
Huawei Alp Al00b Firmware	Version 8.0.0.113(sp3c00)
Huawei Alp Al00b Firmware	Version 8.0.0.113(sp7c00)
Huawei Alp Al00b Firmware	Version 8.0.0.118(c00)
Huawei Alp Al00b Firmware	Version 8.0.0.120(sp2c00)
Huawei Alp Al00b Firmware	Version 8.0.0.125(sp1c00)
Huawei Alp Al00b Firmware	Version 8.0.0.125(sp3c00)
Huawei Alp Al00b Firmware	Version 8.0.0.126(sp2c00)
Huawei Alp Al00b Firmware	Version 8.0.0.126(sp5c00)
Huawei Alp Al00b Firmware	Version 8.0.0.127(sp1c00)
Huawei Alp Al00b Firmware	Version 8.0.0.128(sp2c00)

Running on/with	Platform Versions
Huawei Alp Al00b	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Alp Al00b Rsc Firmware	Version 1.0.0.2

Running on/with	Platform Versions
Huawei Alp Al00b Rsc	All versions

Configuration C

11 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bla Tl00b Firmware	Version 8.0.0.113(sp7c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.118(c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.120(sp2c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.125(sp1c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.125(sp2c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.125(sp3c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.126(sp2c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.126(sp5c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.127(sp1c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.128(sp2c01)
Huawei Bla Tl00b Firmware	Version 8.0.0.129(sp2c01)

Running on/with	Platform Versions
Huawei Bla Tl00b	All versions

Configuration D

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Charlotte Al00a Firmware	Version 8.1.0.105(sp7c00)
Huawei Charlotte Al00a Firmware	Version 8.1.0.106(sp3c00)
Huawei Charlotte Al00a Firmware	Version 8.1.0.107(sp5c00)
Huawei Charlotte Al00a Firmware	Version 8.1.0.107(sp7c00)
Huawei Charlotte Al00a Firmware	Version 8.1.0.108(sp3c00)
Huawei Charlotte Al00a Firmware	Version 8.1.0.108(sp6c00)
Huawei Charlotte Al00a Firmware	Version 8.1.0.109(sp2c00)

Running on/with	Platform Versions
Huawei Charlotte Al00a	All versions

Configuration E

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Emily Al00a Firmware	Version 8.1.0.105(sp6c00)
Huawei Emily Al00a Firmware	Version 8.1.0.106(sp2c00)
Huawei Emily Al00a Firmware	Version 8.1.0.107(sp5c00)
Huawei Emily Al00a Firmware	Version 8.1.0.107(sp7c00)
Huawei Emily Al00a Firmware	Version 8.1.0.108(sp2c00)
Huawei Emily Al00a Firmware	Version 8.1.0.108(sp6c00)
Huawei Emily Al00a Firmware	Version 8.1.0.109(sp5c00)

Running on/with	Platform Versions
Huawei Emily Al00a	All versions

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.