CVE-2018-7928Technologies CO LTD Mycloud vulnerability

2 documents2 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 81.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Westerndigital MY CloudHuawei Technologies CO LTD Mycloud
Timeline
PublishedOct 9
Latest updateMay 13

Description

There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5huawei_technologies_co_ltd/mycloudThe versions before 8.1.2.303
NVDwesterndigital/my_cloud< 8.1.2.303

🔴Vulnerability Details

1
GHSA
GHSA-6jvx-8v7q-2jq7: There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 82022-05-13
CVE-2018-7928 — MEDIUM severity | cvebase