Vulnerability Description
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Mate 10 Pro Firmware | < bla-l29_8.0.0.148\(c432\) |
| Huawei | Mate 10 Pro | - |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypaVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypaVendor Advisory
FAQ
What is CVE-2018-7936?
CVE-2018-7936 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the fac...
How severe is CVE-2018-7936?
CVE-2018-7936 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7936?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 10 Pro Firmware, Huawei Mate 10 Pro.