Factory Reset Protection Bypass in Huawei Smartphones
CVE-2019-19412
4.6MEDIUM
Summary
Huawei smartphones are impacted by a vulnerability in their Factory Reset Protection (FRP) mechanism. This flaw allows an attacker to bypass the FRP by utilizing Talkback mode. Once in this mode, unauthorized actions can be performed, including the installation of third-party applications. This poses significant security risks as it allows potential intruders access to sensitive information following a factory reset.
Affected Version(s)
ALP-AL00B earlier than 9.0.0.181(C00E87R2P20T8)
ALP-L09 earlier than 9.0.0.201(C432E4R1P9)
ALP-L29 earlier than 9.0.0.177(C185E2R1P12T8)
References
CVSS V3.1
Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved