CVE-2018-7939 Information

Description

Huawei smart phones G9 Lite Honor 5A Honor 6X Honor 8 with the versions before VNS-L53C605B120CUSTC605D103 the versions before CAM-L03C605B143CUSTC605D008 the versions before CAM-L21C10B145 the versions before CAM-L21C185B156 the versions before CAM-L21C223B133 the versions before CAM-L21C432B210 the versions before CAM-L21C464B170 the versions before CAM-L21C636B245 the versions before Berlin-L21C10B372 the versions before Berlin-L21C185B363 the versions before Berlin-L21C464B137 the versions before Berlin-L23C605B161 the versions before FRD-L09C10B387 the versions before FRD-L09C185B387 the versions before FRD-L09C432B398 the versions before FRD-L09C636B387 the versions before FRD-L19C10B387 the versions before FRD-L19C432B399 the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function an attacker can disable the boot wizard by enable the talkback function. As a result the FRP function is bypassed.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

4.6