Factory Reset Bypass in Huawei Honor 5S Smartphones
CVE-2017-8152

4.6MEDIUM

Key Information:

Vendor: McAfee
Status: Honor 5s
Vendor: CVE Published:; 22 November 2017

Summary

The vulnerability in Huawei Honor 5S smartphones allows unauthorized access to the factory reset page. By simply dialing a specific code, malicious actors can bypass Factory Reset Protection (FRP) mechanisms. This flaw arises from an improper design in the device's software, enabling attackers to restore the phone to its factory settings without authorization. Users should exercise caution and apply any available security patches to mitigate this risk.

Affected Version(s)

Honor 5S The versions before TAG-TL00C01B173

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017