Vulnerabilities > CVE-2017-8173 - Unspecified vulnerability in Huawei products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

huawei

NVD

Published: 2017-11-22

Updated: 2019-10-03

Summary

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Maya L02 Firmware - Huawei VKY L09 Firmware - Huawei VKY L29 Firmware - Huawei Vicky Al00A Firmware - Huawei Vicky Al00A Firmware Vicky-Al00Ac00B124D Huawei Vicky Al00A Firmware Vicky-Al00Ac00B157D Huawei Victoria Al00A Firmware - Huawei Warsaw Al00 Firmware -	8
Hardware	Huawei Huawei Maya L02 - Huawei VKY L09 - Huawei VKY L29 - Huawei Vicky Al00A - Huawei Victoria Al00A - Huawei Warsaw Al00 -	6

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en