Factory Reset Protection Bypass in Huawei Mate 10 Pro Smartphone
CVE-2018-7936

4.6MEDIUM

Key Information:

Vendor: McAfee
Status: Mate 10 Pro
Vendor: CVE Published:; 4 September 2018

Summary

A vulnerability exists in the Huawei Mate 10 Pro smartphones that allows an attacker to bypass the Factory Reset Protection (FRP) feature. This flaw can be exploited by connecting the device to a PC and executing a set of specific commands that facilitate the installation of unauthorized third-party applications, ultimately disabling the boot wizard. This exploit undermines the security measures intended to protect the device upon factory reset, potentially exposing sensitive user data.

Affected Version(s)

Mate 10 Pro The versions before BLA-L29 8.0.0.148(C432)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2018
Vulnerability Reserved
Mar 9, 2018