Vulnerabilities > CVE-2018-7988 - Incorrect Authorization vulnerability in Huawei Mate 9 PRO Firmware and Nova 2 Plus Firmware

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

huawei

CWE-863

NVD

Published: 2018-11-27

Updated: 2019-10-03

Summary

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Nova 2 Plus Firmware * Huawei Mate 9 PRO Firmware - Huawei Mate 9 PRO Firmware 8.0.0.129\(Sp2C01\) Huawei Mate 9 PRO Firmware 8.0.0.343\(C00\) Huawei Mate 9 PRO Firmware 8.0.0.356\(C00\) Huawei Mate 9 PRO Firmware 8.0.0.360\(C721\)	6
Hardware	Huawei Huawei Nova 2 Plus - Huawei Mate 9 PRO -	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-smartphone-en