PT-2018-18320 · Huawei+2 · Huawei Bla-Tl00B+6

Published: 2018-10-23 · Updated: 2019-10-03 · CVE-2018-7911

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions:
Huawei ALP-AL00B versions 8.0.0.106(C00) through 8.0.0.129(SP2C01)
Huawei BLA-TL00B versions 8.0.0.113(SP7C01) through 8.0.0.129(SP2C01)
Huawei Charlotte-AL00A versions 8.1.0.105(SP7C00) through 8.1.0.109(SP5C00)
Huawei Emily-AL00A versions 8.1.0.105(SP6C00) through 8.1.0.109(SP5C00)
Huawei ALP-AL00B-RSC version 1.0.0.2

Description: The issue is a Factory Reset Protection (FRP) bypass vulnerability in certain Huawei smartphones. When the phone is being re-configured with the FRP function active, an attacker can log in to the configuration flow by using Gaode Map and perform some operations to update the Google account, resulting in the FRP function being bypassed.

Recommendations: Update the device to a newer version that contains a fix for this issue. This applies to each affected range:
Huawei ALP-AL00B versions 8.0.0.106(C00) through 8.0.0.129(SP2C01)
Huawei BLA-TL00B versions 8.0.0.113(SP7C01) through 8.0.0.129(SP2C01)
Huawei Charlotte-AL00A versions 8.1.0.105(SP7C00) through 8.1.0.109(SP5C00)
Huawei Emily-AL00A versions 8.1.0.105(SP6C00) through 8.1.0.109(SP5C00)
Huawei ALP-AL00B-RSC version 1.0.0.2

Fix


Related identifiers

CVE-2018-7911

Affected products

Gaode Map
Google Account
Huawei Alp-Al00B
Huawei Alp-Al00B-Rsc
Huawei Bla-Tl00B
Huawei Charlotte-Al00A
Huawei Emily-Al00A