CVE-2017-8161

Name of the Vulnerable Software and Affected Versions EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions EVA-L09 smartphones with software Earlier than EVA-L09C440B140 versions EVA-L09 smartphones with software Earlier than EVA-L09C464B361 versions EVA-L09 smartphones with software Earlier than EVA-L09C675B320CUSTC675D004 versions

Description The issue allows an attacker to bypass the Factory Reset Protection (FRP) when re-configuring the mobile phone. By utilizing the FRP function, an attacker can login to Swype and perform operations to update the Google account, effectively bypassing the FRP function.

Recommendations For EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions, update to EVA-L09C25B150CUSTC25D003 or later. For EVA-L09 smartphones with software Earlier than EVA-L09C440B140 versions, update to EVA-L09C440B140 or later. For EVA-L09 smartphones with software Earlier than EVA-L09C464B361 versions, update to EVA-L09C464B361 or later. For EVA-L09 smartphones with software Earlier than EVA-L09C675B320CUSTC675D004 versions, update to EVA-L09C675B320CUSTC675D004 or later.