CVE-2019-19412
4.6
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 0.9 / Impact: 3.6
Source: NVD
Description
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
Affected (61)
Products: Huawei: Alp Al00b Firmware, Alp L09 Firmware, Alp L29 Firmware, Anne Al00 Firmware, Bla Al00b Firmware, Bla L09c Firmware, Bla L29c Firmware, Berkeley Al20 Firmware, Berkeley L09 Firmware, Emily L29c Firmware, Figo L03 Firmware, Figo L21 Firmware, Figo L23 Firmware, Figo L31 Firmware, Florida L03 Firmware, Florida L21 Firmware, Florida L22 Firmware, Florida L23 Firmware, P Smart Firmware, Y7s Firmware, P20 Lite Firmware, Nova 3e Firmware, Honor View 10 Firmware, Leland Al00a Firmware, Leland L21a Firmware, Leland L22a Firmware, Leland L22c Firmware, Leland L31a Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.181\(c00e87r2p20t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Alp Al00b | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.201\(c432e4r1p9\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Alp L09 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.177\(c185e2r1p12t8\) |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.195\(c636e2r1p12\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Alp L29 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.168\(c00\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Anne Al00 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.181\(c00e88r2p15t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Bla Al00b | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.177\(c185e2r1p13t8\) |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.206\(c432e4r1p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Bla L09c | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.179\(c576e2r1p7t8\) |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.194\(c185e2r1p13\) |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.206\(c432e4r1p11\) |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.210\(c635e4r1p13\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Bla L29c | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.156\(c00e156r2p14t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Berkeley Al20 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.172\(c432\) |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.173\(c636\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Berkeley L09 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.159\(c185e2r1p12t8\) |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.159\(c461e2r1p11t8\) |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.160\(c432e7r1p11t8\) |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.165\(c605e2r1p12\) |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.168\(c636e7r1p13t8\) |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.168\(c782e3r1p11t8\) |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.196\(c635e2r1p11t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Emily L29c | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.130\(c605e6r1p5t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Figo L03 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.130\(c185e6r1p5t8\) |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.130\(c635e6r1p5t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Figo L21 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.130\(c605e6r1p5t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Figo L23 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.130\(c432e8r1p5t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Figo L31 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.121\(c605e5r1p1t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Florida L03 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.129\(c605\) |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.131\(c432\) |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.132\(c185\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Florida L21 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.132\(c636\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Florida L22 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.144\(c605\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Florida L23 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.130\(c185e6r1p5t8\) |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.130\(c605e6r1p5t8\) |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.124\(c636e6r1p5t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei P Smart | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.124\(c636e6r1p5t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Y7s | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.148\(c635\) |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.155\(c185\) |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.155\(c605\) |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.156\(c605\) |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.157\(c432\) |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.147\(c461\) |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.148\(zafc185\) |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.160\(c185\) |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.160\(c605\) |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.168\(c432\) |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.172\(c636\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Nova 3e | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.147\(c461\) |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.148\(zafc185\) |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.160\(c185\) |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.160\(c605\) |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.168\(c432\) |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.172\(c636\) |
| Running on/with | Platform Versions |
|---|---|
Huawei P20 Lite | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.0.0.202\(c567e6r1p12t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor View 10 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.182\(c00\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Leland Al00a | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.135\(c185\) |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.118\(c636e4r1p1t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Leland L21a | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.118\(c636e4r1p1t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Leland L22a | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.118\(c636e4r1p1t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Leland L22c | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.0.0.139\(c432\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Leland L31a | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.