CVE-2017-8152 — MEDIUM (4.6)

Q: How severe is CVE-2017-8152?

CVE-2017-8152 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8152?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 5S Firmware, Huawei Honor 5S.

Vulnerability Description

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.

CVSS Score

4.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Honor 5S Firmware	< tag-tl00c01b173
Huawei	Honor 5S	-

Related Weaknesses (CWE)

CWE-358

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphVendor Advisory

FAQ

What is CVE-2017-8152?

CVE-2017-8152 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access fa...

How severe is CVE-2017-8152?

CVE-2017-8152 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8152?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Honor 5S Firmware, Huawei Honor 5S.