Vulnerabilities > CVE-2017-8161 - Exposure of Resource to Wrong Sphere vulnerability in Huawei Eva-L09

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

NONE

local

low complexity

huawei

CWE-668

NVD

Published: 2017-11-22

Updated: 2019-10-03

Summary

EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei EVA L09 *	1
Hardware	Huawei Huawei EVA L09 -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-01-frpbypass-en