Vulnerabilites related to huawei - alp-al00b-rsc_firmware
Vulnerability from fkie_nvd
Published
2018-10-23 14:29
Modified
2024-11-21 04:12
Severity ?
Summary
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.106\\(c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C52A7CD3-98AF-4E85-BFE3-971AA359DD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113\\(sp2c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "02F67A4B-843A-403B-992A-21F900A42291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113\\(sp3c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D90101E-0AA9-401F-9435-8605865D8748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113\\(sp7c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "20F4536B-FAD3-4AF6-ADE4-AA458C6A82B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.118\\(c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1F7D3A95-FFF4-4412-A709-BC1EA0EE9389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.120\\(sp2c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08348C88-FF3D-4B88-9B6F-A17D00965268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.125\\(sp1c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2F7A3D24-8394-4555-AC4C-876C92A39010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.125\\(sp3c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4A880D55-009A-40D2-AE2F-4A32F6288346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.126\\(sp2c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0984004A-45AE-4E0A-93AC-E17168189A41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.126\\(sp5c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DE1965F0-40F9-40CB-9A39-672278259C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.127\\(sp1c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9DA493CF-9670-4D6B-B5E8-20E44642FEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.128\\(sp2c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C41D62FD-71CC-4583-A3CA-2509422EC6BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA2B2F1-3D58-4DC7-AB7A-28BF8B282333",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:alp-al00b-rsc_firmware:1.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B6C500-CE64-48A3-95FC-A0F71C3AACFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:alp-al00b-rsc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B7807E-41B3-4F39-938C-BF482E4FDC96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.113\\(sp7c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8EDA0CB0-04AD-46C2-8CD1-1BDAF2722DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.118\\(c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6C007A17-7F9F-4EC2-8DD7-01217B7B0C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.120\\(sp2c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "81BEF6F9-0FAD-4649-9AD8-056617A0A2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.125\\(sp1c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "98013FF1-FE4D-4BE0-A715-6A22CB1AADD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.125\\(sp2c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "98B49194-20F5-4B0F-A1D0-394AFE4605A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.125\\(sp3c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "896D0A6F-C26D-4B6C-85FC-E50104BF2797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.126\\(sp2c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E002850B-AE9E-46A9-AEFF-FC1D2ACEDCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.126\\(sp5c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36AAB41E-781E-49A3-A596-619677D394FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.127\\(sp1c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DDC92852-7AC5-4F6F-9BAD-51ABFE87B02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.128\\(sp2c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF5D8C88-4ACC-4663-904C-139D5F99C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.129\\(sp2c01\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE5185C7-F99C-471C-9718-CC08FFEA49A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:bla-tl00b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAF02E9-8732-4E8E-8AA6-A422C200F9B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.105\\(sp7c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E73291B7-8420-4AB4-945E-B8332F888A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.106\\(sp3c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6672D5B9-6A8D-444E-BC41-1F6FA6ADAB7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.107\\(sp5c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "188EBACC-FE71-4165-9DA5-D3C2A813E346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.107\\(sp7c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA6DE6B7-A8A4-4976-8A1F-08307B5C6B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.108\\(sp3c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "44AC9C14-A4A2-4C13-8AD0-48D62257A2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.108\\(sp6c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D8D7827E-EF4C-4B2B-9555-2F635FE9331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.109\\(sp2c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "146DB107-58BC-46A1-9E3D-7A2C969FEE33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:charlotte-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9EFA36-508E-42A6-83A5-D94273265400",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.105\\(sp6c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C5C604B-34FA-4519-92DE-BCCEC2271E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.106\\(sp2c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2385EEAB-9B82-4461-AE30-4B5E639A3A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.107\\(sp5c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11B6FE85-304B-4992-AA0C-0AD91AF057F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.107\\(sp7c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7BCF76DE-308E-404D-85EF-08A109E22B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.108\\(sp2c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BFF85F1B-9347-4923-98FE-F0E1A43BC17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.108\\(sp6c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C636ADB6-FF53-46AF-BBD6-900EA2E2EFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.109\\(sp5c00\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A364F9D-1052-4CFC-8D68-6EFA8336D04D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:emily-al00a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC84A74-7F01-4434-896C-B9B595984F23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
},
{
"lang": "es",
"value": "Algnos smartphones Huawei ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00) y 8.1.0.109(SP5C00) tienen una vulnerabilidad de omisi\u00f3n de seguridad de FRP (Factory Reset Protection). Al reconfigurar el tel\u00e9fono m\u00f3vil mediante la funci\u00f3n FRP, un atacante puede iniciar sesi\u00f3n en el flujo de configuraci\u00f3n por Gaode Map y puede realizar algunas operaciones para actualizar la cuenta de Google. Como resultado, se omite la funci\u00f3n FRP."
}
],
"id": "CVE-2018-7911",
"lastModified": "2024-11-21T04:12:57.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-23T14:29:04.437",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2018-7911
Vulnerability from cvelistv5
Published
2018-10-23 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, |
Version: ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-23T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,",
"version": {
"version_data": [
{
"version_value": "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7911",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}