Vulnerabilities > CVE-2018-7936 - Unspecified vulnerability in Huawei Mate 10 PRO Firmware

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

huawei

NVD

Published: 2018-09-04

Updated: 2019-10-03

Summary

Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 10 PRO Firmware - Huawei Mate 10 PRO Firmware 8.1.0.326\(C00\) Huawei Mate 10 PRO Firmware 9.0.0.159\(C185E2R1P13T8\) Huawei Mate 10 PRO Firmware 9.0.0.159\(C636E2R1P13T8\) Huawei Mate 10 PRO Firmware 9.0.0.161\(C432E4R1P11T8\) Huawei Mate 10 PRO Firmware 9.0.0.167\(C00E87R2P15T8\) Huawei Mate 10 PRO Firmware 9.1.0.321\(C605E4R1P13T8\) Huawei Mate 10 PRO Firmware 9.1.0.321\(C636E4R1P14T8\) Huawei Mate 10 PRO Firmware 9.1.0.330\(C432E6R1P12T8\) Huawei Mate 10 PRO Firmware Bla-Al00B_8.1.0.326\(C00\) Huawei Mate 10 PRO Firmware Bla-L29_8.0.0.145\(C432\)	11
Hardware	Huawei Huawei Mate 10 PRO -	1

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180827-01-frpbypass-en