Factory Reset Protection Bypass in MyCloud App for Huawei Smartphones
CVE-2018-7928

4.6MEDIUM

Key Information:

Vendor: McAfee
Status: Mycloud
Vendor: CVE Published:; 9 October 2018

What is CVE-2018-7928?

A vulnerability exists in the MyCloud app for certain Huawei smartphones that allows attackers to bypass the Factory Reset Protection (FRP) mechanism. If the MyCloud app version is prior to 8.1.2.303, an attacker can exploit this vulnerability during the reconfiguration of the mobile device, enabling them to replace the original account with a new one through a series of steps. This unauthorized replacement can lead to significant security risks, including compromised user data and unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MyCloud The versions before 8.1.2.303

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2018
Vulnerability Reserved
Mar 9, 2018

JSON

McAfee

What is CVE-2018-7928?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.