CVE-2018-7911
published 2018-10-23CVE-2018-7911: Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00)…
medium4.6CVSS 3.0
AVPACLPRNUINSUCNIHAN
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| huawei | alp-al00b-rsc_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | alp-al00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | bla-tl00b_firmware | — | — |
| huawei | charlotte-al00a_firmware | — | — |