Vulnerabilities > CVE-2017-8171 - Exposure of Resource to Wrong Sphere vulnerability in Huawei P10 Plus Firmware

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

huawei

CWE-668

NVD

Published: 2017-11-22

Updated: 2019-10-03

Summary

Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei P10 Plus Firmware - Huawei P10 Plus Firmware 8.0.0.357\(C00\) Huawei P10 Plus Firmware 9.1.0.201\(C01E75R1P12T8\) Huawei P10 Plus Firmware 9.1.0.252\(C185E2R1P9T8\) Huawei P10 Plus Firmware 9.1.0.252\(C432E4R1P9T8\) Huawei P10 Plus Firmware 9.1.0.255\(C576E6R1P8T8\) Huawei P10 Plus Firmware Vicky-Al00Ac00B172	7
Hardware	Huawei Huawei P10 Plus -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbypass-en