Vulnerability Description
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Nova 2 Plus Firmware | < 8.0.0.350\(c00\) |
| Huawei | Nova 2 Plus | - |
| Huawei | Mate 9 Pro Firmware | < 8.0.0.363\(c00\) |
| Huawei | Mate 9 Pro | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphVendor Advisory
FAQ
What is CVE-2018-7988?
CVE-2018-7988 is a vulnerability with a CVSS score of 4.6 (MEDIUM). There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone t...
How severe is CVE-2018-7988?
CVE-2018-7988 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7988?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Nova 2 Plus Firmware, Huawei Nova 2 Plus, Huawei Mate 9 Pro Firmware, Huawei Mate 9 Pro.