Factory Reset Protection Bypass in Huawei Smartphones
CVE-2019-19412

4.6MEDIUM

Key Information:

Vendor
Huawei
Vendor
CVE Published:
8 June 2020

Summary

Huawei smartphones are impacted by a vulnerability in their Factory Reset Protection (FRP) mechanism. This flaw allows an attacker to bypass the FRP by utilizing Talkback mode. Once in this mode, unauthorized actions can be performed, including the installation of third-party applications. This poses significant security risks as it allows potential intruders access to sensitive information following a factory reset.

Affected Version(s)

ALP-AL00B earlier than 9.0.0.181(C00E87R2P20T8)

ALP-L09 earlier than 9.0.0.201(C432E4R1P9)

ALP-L29 earlier than 9.0.0.177(C185E2R1P12T8)

References

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.