Vulnerability Description
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Mate 20 X Firmware | < ever-al00b_9.0.0.200\(c00e200r2p1\) |
| Huawei | Mate 20 X | - |
| Huawei | Mate 20 Firmware | < hima-al00b\/hima-tl00b_9.0.0.200\(c00e200r2p1\) |
| Huawei | Mate 20 | - |
| Huawei | Honor Magic 2 Firmware | < tony-al00b\/tony-tl00b_9.0.0.182\(c00e180r2p2\) |
| Huawei | Honor Magic 2 | - |
Related Weaknesses (CWE)
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190626-01-frp-enVendor Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190626-01-frp-enVendor Advisory
FAQ
What is CVE-2019-5220?
CVE-2019-5220 is a vulnerability with a CVSS score of 4.6 (MEDIUM). There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step ...
How severe is CVE-2019-5220?
CVE-2019-5220 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5220?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 20 X Firmware, Huawei Mate 20 X, Huawei Mate 20 Firmware, Huawei Mate 20, Huawei Honor Magic 2 Firmware.