PT-2017-18161 · Huawei · Huawei Honor 5C

Zhang Qing

Published

2017-11-22

Updated

2017-12-11

CVE-2017-8152

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Huawei Honor 5S versions prior to TAG-TL00C01B173

Description The issue is related to a Factory Reset Protection (FRP) bypass security vulnerability due to improper design. An attacker can access the factory reset page without authorization by dialing a special code, allowing them to restore the phone to its factory settings.

Recommendations For versions prior to TAG-TL00C01B173, update to version TAG-TL00C01B173 or later to resolve the issue. As a temporary workaround, consider restricting access to the dialer function to minimize the risk of exploitation.

Fix

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-358

Related Identifiers

CVE-2017-8152

Affected Products

Huawei Honor 5C

PT-2017-18161 · Huawei · Huawei Honor 5C

CVE-2017-8152

Weakness Enumeration

Related Identifiers

Affected Products

References · 3