Vulnerabilities > CVE-2017-8152 - Improperly Implemented Security Check for Standard vulnerability in Huawei Honor 5S Firmware

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

huawei

CWE-358

NVD

Published: 2017-11-22

Updated: 2017-12-11

Summary

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Honor 5S Firmware *	1
Hardware	Huawei Huawei Honor 5S -	1

Common Weakness Enumeration (CWE)

CWE-358 - Improperly Implemented Security Check for Standard

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartphone-en