CVE-2018-7939

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.

CVSS v3 4.6 MEDIUM
CVSS v2.0 4.9 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector : AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:g9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:g9_lite:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:huawei:honor_5a:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-09-12 15:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-7939

Mitre link : CVE-2018-7939

CVE.ORG link : CVE-2018-7939

JSON object : View

Products Affected

huawei

honor_5a_firmware
honor_5a
honor_8_firmware
honor_6x
g9_lite_firmware
honor_8
honor_6x_firmware
g9_lite

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-7939", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2018-09-12T15:29:01.233", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed."}, {"lang": "es", "value": "Los smartphones Huawei G9 Lite, Honor 5A, Honor 6X y Honor 8 con versiones anteriores a la VNS-L53C605B120CUSTC605D103, versiones anteriores a la CAM-L03C605B143CUSTC605D008, versiones anteriores a la CAM-L21C10B145, versiones anteriores a la CAM-L21C185B156, versiones anteriores a la CAM-L21C223B133, versiones anteriores a la CAM-L21C432B210, versiones anteriores a la CAM-L21C464B170, versiones anteriores a la CAM-L21C636B245, versiones anteriores a la Berlin-L21C10B372, versiones anteriores a la Berlin-L21C185B363, versiones anteriores a la Berlin-L21C464B137, versiones anteriores a la Berlin-L23C605B161, versiones anteriores a la FRD-L09C10B387, versiones anteriores a la FRD-L09C185B387, versiones anteriores a la FRD-L09C432B398, versiones anteriores a la FRD-L09C636B387, versiones anteriores a la FRD-L19C10B387, versiones anteriores a la FRD-L19C432B399 y versiones anteriores a la FRD-L19C636B387 tienen una vulnerabilidad de seguridad de omisi\u00f3n de FRP (Factory Reset Protection). Al reconfigurar el tel\u00e9fono m\u00f3vil mediante la funci\u00f3n FRP (Factory Reset Protection), un atacante puede deshabilitar el asistente de arranque habilitando la funci\u00f3n talkback. Como resultado, se omite la funci\u00f3n FRP."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:g9_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60F8A4E3-0CE0-44E9-B3DC-11D2D8881890", "versionEndExcluding": "vns-l53c605b120custc605d103"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:g9_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "973755E2-E74B-48D2-B9D7-C26FFDAB4C5E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AF15524-BA8E-4DE5-A647-B4D62CD53911", "versionEndExcluding": "cam-l03c605b143custc605d008"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28042D7B-7395-4CC4-BEFB-1752D4540148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AB1CE1A-D288-4815-ACB0-B9EFECA14B6C", "versionEndExcluding": "cam-l21c10b145"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28042D7B-7395-4CC4-BEFB-1752D4540148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90CD0FAA-5C93-4B54-8001-191C60A3BC69", "versionEndExcluding": "cam-l21c185b156"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28042D7B-7395-4CC4-BEFB-1752D4540148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA9CCAC8-52C4-44B7-8AD8-E09940A15A94", "versionEndExcluding": "cam-l21c223b133"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28042D7B-7395-4CC4-BEFB-1752D4540148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EC59B38-AFCF-4490-96F3-61F1CBF6AB6F", "versionEndExcluding": "cam-l21c432b210"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28042D7B-7395-4CC4-BEFB-1752D4540148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9225CCD-AFA9-4C52-B5AB-BC684C95FC6E", "versionEndExcluding": "cam-l21c464b170"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28042D7B-7395-4CC4-BEFB-1752D4540148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_5a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF3014C4-7D71-40E1-A4F3-C8057A3B040D", "versionEndExcluding": "cam-l21c636b245"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_5a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28042D7B-7395-4CC4-BEFB-1752D4540148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756C0AF6-0C17-4C1F-821C-0A75ED69C5F7", "versionEndExcluding": "berlin-l21c10b372"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07006372-CA98-4256-9C07-A2152A8D2BBA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "031127A2-6ACF-475B-944C-712C69CF1C98", "versionEndExcluding": "berlin-l21c185b363"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07006372-CA98-4256-9C07-A2152A8D2BBA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B371E85E-3512-4DAD-9230-91CE3862A74F", "versionEndExcluding": "berlin-l21c464b137"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07006372-CA98-4256-9C07-A2152A8D2BBA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_6x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A26FFA79-ED4C-466B-9711-5B5A8183C279", "versionEndExcluding": "berlin-l23c605b161"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_6x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07006372-CA98-4256-9C07-A2152A8D2BBA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC57564-95A9-4D88-BBB2-94D1F7154549", "versionEndExcluding": "frd-l09c10b387"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72889681-6793-4451-B97F-F12B4B28372A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16DDE9E-E39A-41B5-99DF-09B089EAA7BF", "versionEndExcluding": "frd-l09c185b387"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72889681-6793-4451-B97F-F12B4B28372A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A96CA79-1D23-404E-8730-5EB29C33C55A", "versionEndExcluding": "frd-l09c432b398"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72889681-6793-4451-B97F-F12B4B28372A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "408CD567-3C9F-4A8B-8403-43ED51D6B40C", "versionEndExcluding": "frd-l09c636b387"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72889681-6793-4451-B97F-F12B4B28372A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E509EC01-9F1B-4B45-B681-FA9FFCA558AA", "versionEndExcluding": "frd-l19c10b387"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72889681-6793-4451-B97F-F12B4B28372A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFA7EDD6-50B9-4912-9AB6-D0582FD36798", "versionEndExcluding": "frd-l19c432b399"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72889681-6793-4451-B97F-F12B4B28372A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:honor_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B6F1BA-C4B1-4EE6-BD46-4D9C8CFFBE53", "versionEndExcluding": "frd-l19c636b387"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:honor_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72889681-6793-4451-B97F-F12B4B28372A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}