CVE-2019-19412

MEDIUM | CVSS 4.6/10 | EPSS 0.21%

CVE-2019-19412 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the Factory Reset Protection (FRP) function, an attacker can log in to Talkback mode and perform some operations to install a third-party application. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the Factory Reset Protection (FRP) function, an attacker can log in to Talkback mode and perform some operations to install a third-party application. Affected products can be found at https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.

Metrics

CVSS 3.1
4.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
0.21%

11.7th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Huawei | Alp-Al00b Firmware | < 9.0.0.181(c00e87r2p20t8) |
| Huawei | Alp-L09 Firmware | < 9.0.0.201(c432e4r1p9) |
| Huawei | Alp-L29 Firmware | < 9.0.0.177(c185e2r1p12t8) |
| Huawei | Alp-L29 Firmware | < 9.0.0.195(c636e2r1p12) |
| Huawei | Anne-Al00 Firmware | < 8.0.0.168(c00) |
| Huawei | Bla-Al00b Firmware | < 9.0.0.181(c00e88r2p15t8) |
| Huawei | Bla-L09c Firmware | < 9.0.0.177(c185e2r1p13t8) |
| Huawei | Bla-L09c Firmware | < 9.0.0.206(c432e4r1p11) |
| Huawei | Bla-L29c Firmware | < 9.0.0.179(c576e2r1p7t8) |
| Huawei | Bla-L29c Firmware | < 9.0.0.194(c185e2r1p13) |
| Huawei | Bla-L29c Firmware | < 9.0.0.206(c432e4r1p11) |
| Huawei | Bla-L29c Firmware | < 9.0.0.210(c635e4r1p13) |
| Huawei | Berkeley-Al20 Firmware | < 9.0.0.156(c00e156r2p14t8) |
| Huawei | Berkeley-L09 Firmware | < 8.0.0.172(c432) |
| Huawei | Berkeley-L09 Firmware | < 8.0.0.173(c636) |
| Huawei | Emily-L29c Firmware | < 9.0.0.159(c185e2r1p12t8) |
| Huawei | Emily-L29c Firmware | < 9.0.0.159(c461e2r1p11t8) |
| Huawei | Emily-L29c Firmware | < 9.0.0.160(c432e7r1p11t8) |
| Huawei | Emily-L29c Firmware | < 9.0.0.165(c605e2r1p12) |
| Huawei | Emily-L29c Firmware | < 9.0.0.168(c636e7r1p13t8) |
| Huawei | Emily-L29c Firmware | < 9.0.0.168(c782e3r1p11t8) |
| Huawei | Emily-L29c Firmware | < 9.0.0.196(c635e2r1p11t8) |
| Huawei | Figo-L03 Firmware | < 9.1.0.130(c605e6r1p5t8) |
| Huawei | Figo-L21 Firmware | < 9.1.0.130(c185e6r1p5t8) |
| Huawei | Figo-L21 Firmware | < 9.1.0.130(c635e6r1p5t8) |
| Huawei | Figo-L23 Firmware | < 9.1.0.130(c605e6r1p5t8) |
| Huawei | Figo-L31 Firmware | < 9.1.0.130(c432e8r1p5t8) |
| Huawei | Florida-L03 Firmware | < 9.1.0.121(c605e5r1p1t8) |
| Huawei | Florida-L21 Firmware | < 8.0.0.129(c605) |
| Huawei | Florida-L21 Firmware | < 8.0.0.131(c432) |
| Huawei | Florida-L21 Firmware | < 8.0.0.132(c185) |
| Huawei | Florida-L22 Firmware | < 8.0.0.132(c636) |
| Huawei | Florida-L23 Firmware | < 8.0.0.144(c605) |
| Huawei | P Smart Firmware | < 9.1.0.130(c185e6r1p5t8) |
| Huawei | P Smart Firmware | < 9.1.0.130(c605e6r1p5t8) |
| Huawei | P Smart Firmware | < 9.1.0.124(c636e6r1p5t8) |
| Huawei | Y7s Firmware | < 9.1.0.124(c636e6r1p5t8) |
| Huawei | P20 Lite Firmware | < 8.0.0.148(c635) |
| Huawei | P20 Lite Firmware | < 8.0.0.155(c185) |
| Huawei | P20 Lite Firmware | < 8.0.0.155(c605) |
| Huawei | P20 Lite Firmware | < 8.0.0.156(c605) |
| Huawei | P20 Lite Firmware | < 8.0.0.157(c432) |
| Huawei | Nova 3e Firmware | < 8.0.0.147(c461) |
| Huawei | Nova 3e Firmware | < 8.0.0.148(zafc185) |
| Huawei | Nova 3e Firmware | < 8.0.0.160(c185) |
| Huawei | Nova 3e Firmware | < 8.0.0.160(c605) |
| Huawei | Nova 3e Firmware | < 8.0.0.168(c432) |
| Huawei | Nova 3e Firmware | < 8.0.0.172(c636) |
| Huawei | P20 Lite Firmware | < 8.0.0.147(c461) |
| Huawei | P20 Lite Firmware | < 8.0.0.148(zafc185) |

Showing 50 of 61 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2019-19412?
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the Factory Reset Protection (FRP) function, an attacker can log in to Talkback mode and perform some operations to install a third-party application. Affected products can be found at https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
How severe is CVE-2019-19412?
CVE-2019-19412 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.
How do I fix CVE-2019-19412?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST