CVE-2017-8171

CWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 92.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P10 Plus FirmwareHuawei Technologies Co., Ltd. Vicky-al00a
Timeline
PublishedNov 22
Latest updateMay 13

Description

Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5huawei_technologies_co.,_ltd./vicky-al00aEarlier than Vicky-AL00AC00B172D versions
NVDhuawei/p10_plus_firmware< vicky-al00ac00b172d

🔴Vulnerability Details

2
GHSA
GHSA-w79h-25vh-6g7c: Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability2022-05-13
CVEList
CVE-2017-8171: Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability2017-11-22
CVE-2017-8171 (MEDIUM CVSS 4.6) | Huawei smart phones with software e | cvebase.io