Vulnerabilities > CVE-2018-7928 - Unspecified vulnerability in Westerndigital MY Cloud

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

westerndigital

NVD

Published: 2018-10-09

Updated: 2020-02-24

Summary

There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.

Vulnerable Configurations

Part	Description	Count
Application	Westerndigital Westerndigital MY Cloud -	1

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en