CVE-2018-7939 — MEDIUM (4.6)

Q: How severe is CVE-2018-7939?

CVE-2018-7939 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-7939?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei G9 Lite Firmware, Huawei G9 Lite, Huawei Honor 5A Firmware, Huawei Honor 5A, Huawei Honor 6X Firmware.

Vulnerability Description

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.

CVSS Score

4.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	G9 Lite Firmware	< vns-l53c605b120custc605d103
Huawei	G9 Lite	-
Huawei	Honor 5A Firmware	< cam-l03c605b143custc605d008
Huawei	Honor 5A	-
Huawei	Honor 6X Firmware	< berlin-l21c10b372
Huawei	Honor 6X	-
Huawei	Honor 8 Firmware	< frd-l09c10b387
Huawei	Honor 8	-

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypaVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypaVendor Advisory

FAQ

What is CVE-2018-7939?

CVE-2018-7939 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the ...

How severe is CVE-2018-7939?

CVE-2018-7939 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7939?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei G9 Lite Firmware, Huawei G9 Lite, Huawei Honor 5A Firmware, Huawei Honor 5A, Huawei Honor 6X Firmware.