Vulnerability Description
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Mate10 Firmware | < alp-al00b_8.0.0.110\(c00\) |
| Huawei | Mate10 | - |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphVendor Advisory
FAQ
What is CVE-2018-7991?
CVE-2018-7991 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an a...
How severe is CVE-2018-7991?
CVE-2018-7991 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7991?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate10 Firmware, Huawei Mate10.