Vulnerability Description
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When the mobile phone is being re-configured with the Factory Reset Protection (FRP) function active, an attacker can log in to the configuration flow through Gaode Map and perform some operations to update the Google account. As a result, the FRP function is bypassed.
CVSS Score
4.6 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Alp-Al00B Firmware | 8.0.0.106(c00) |
| Huawei | Alp-Al00B | - |
| Huawei | Alp-Al00B-Rsc Firmware | 1.0.0.2 |
| Huawei | Alp-Al00B-Rsc | - |
| Huawei | Bla-Tl00B Firmware | 8.0.0.113(sp7c01) |
| Huawei | Bla-Tl00B | - |
| Huawei | Charlotte-Al00A Firmware | 8.1.0.105(sp7c00) |
| Huawei | Charlotte-Al00A | - |
| Huawei | Emily-Al00A Firmware | 8.1.0.105(sp6c00) |
| Huawei | Emily-Al00A | - |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypa (Vendor Advisory)
FAQ
What is CVE-2018-7911?
CVE-2018-7911 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), ...
How severe is CVE-2018-7911?
CVE-2018-7911 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-7911?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Alp-Al00B Firmware, Huawei Alp-Al00B, Huawei Alp-Al00B-Rsc Firmware, Huawei Alp-Al00B-Rsc, Huawei Bla-Tl00B Firmware.