CVE-2018-7939
Last modified
CVE-2018-7939 is a vulnerability of currently unknown severity. Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | G9 Lite Firmware | < vns-l53c605b120custc605d103 |
| Huawei | Honor 5a Firmware | < cam-l03c605b143custc605d008 |
| Huawei | Honor 5a Firmware | < cam-l21c10b145 |
| Huawei | Honor 5a Firmware | < cam-l21c185b156 |
| Huawei | Honor 5a Firmware | < cam-l21c223b133 |
| Huawei | Honor 5a Firmware | < cam-l21c432b210 |
| Huawei | Honor 5a | < cam-l21c464b170 |
| Huawei | Honor 5a Firmware | < cam-l21c636b245 |
| Huawei | Honor 6x Firmware | < berlin-l21c10b372 |
| Huawei | Honor 6x Firmware | < berlin-l21c185b363 |
| Huawei | Honor 6x Firmware | < berlin-l21c464b137 |
| Huawei | Honor 6x Firmware | < berlin-l23c605b161 |
| Huawei | Honor 8 Firmware | < frd-l09c10b387 |
| Huawei | Honor 8 Firmware | < frd-l09c185b387 |
| Huawei | Honor 8 Firmware | < frd-l09c432b398 |
| Huawei | Honor 8 Firmware | < frd-l09c636b387 |
| Huawei | Honor 8 Firmware | < frd-l19c10b387 |
| Huawei | Honor 8 Firmware | < frd-l19c432b399 |
| Huawei | Honor 8 Firmware | < frd-l19c636b387 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-7939?
How severe is CVE-2018-7939?
How do I fix CVE-2018-7939?
Are you affected by CVE-2018-7939?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST