PT-2017-18169 · Huawei · Eva-L09
Published
2017-11-22
·
Updated
2019-10-03
·
CVE-2017-8161
CVSS v2.0
4.9
Medium
| Vector | AV:L/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions
EVA-L09 smartphones with software Earlier than EVA-L09C440B140 versions
EVA-L09 smartphones with software Earlier than EVA-L09C464B361 versions
EVA-L09 smartphones with software Earlier than EVA-L09C675B320CUSTC675D004 versions
Description
The issue allows an attacker to bypass the Factory Reset Protection (FRP) when re-configuring the mobile phone. By utilizing the FRP function, an attacker can login to Swype and perform operations to update the Google account, effectively bypassing the FRP function.
Recommendations
For EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions, update to EVA-L09C25B150CUSTC25D003 or later.
For EVA-L09 smartphones with software Earlier than EVA-L09C440B140 versions, update to EVA-L09C440B140 or later.
For EVA-L09 smartphones with software Earlier than EVA-L09C464B361 versions, update to EVA-L09C464B361 or later.
For EVA-L09 smartphones with software Earlier than EVA-L09C675B320CUSTC675D004 versions, update to EVA-L09C675B320CUSTC675D004 or later.
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eva-L09