Vulnerabilites related to huawei - charlotte-al00a_firmware
cve-2018-7911
Vulnerability from cvelistv5
Published
2018-10-23 14:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
▼ | URL | Tags |
---|---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Huawei Technologies Co., Ltd. | ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, |
Version: ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:37:59.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,", vendor: "Huawei Technologies Co., Ltd.", versions: [ { status: "affected", version: "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)", }, ], }, ], datePublic: "2018-08-22T00:00:00", descriptions: [ { lang: "en", value: "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.", }, ], problemTypes: [ { descriptions: [ { description: "FRP bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-23T13:57:01", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", ID: "CVE-2018-7911", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,", version: { version_data: [ { version_value: "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)", }, ], }, }, ], }, vendor_name: "Huawei Technologies Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "FRP bypass", }, ], }, ], }, references: { reference_data: [ { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2018-7911", datePublished: "2018-10-23T14:00:00", dateReserved: "2018-03-09T00:00:00", dateUpdated: "2024-08-05T06:37:59.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5235
Vulnerability from cvelistv5
Published
2019-12-13 23:09
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
References
▼ | URL | Tags |
---|---|---|
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B |
Version: Version Version: 9.1.0.206(C00E205R3P1) Version: 9.0.1.5(C735R1) Version: 9.1.0.1(C00R3) Version: 9.1.0.206 Version: 9.0.1.162(C01E160R2P3) Version: 8.2.0.170(C861) Version: 8.2.0.188(C00R2P1) Version: 8.2.0.163(C605) Version: 8.2.0.160(C185) Version: 8.2.0.156(C636R2P2) Version: 8.2.0.152(C45CUSTC45D1) Version: 8.2.0.162(C605) Version: 8.2.0.175(C00R2P4) Version: 8.2.0.190(C788R1P16) Version: 8.2.0.161(C675CUSTC675D1) Version: 8.2.0.165(C00R1P16) Version: 8.2.0.130(C461R1P1) Version: 8.2.0.130(C652CUSTC652D1) Version: 8.2.0.131(C10R2P2) Version: 8.2.0.136(C432CUSTC432D1) Version: 8.2.0.101(C10CUSTC10D1) Version: 8.2.0.101(C432CUSTC432D1) Version: 8.2.0.131(C55CUSTC55D1) Version: 8.2.0.105(C185R1P1) Version: 8.2.0.107(C636R2P1) Version: 8.2.0.103(C652CUSTC652D1) Version: 8.2.0.105(C185R2P1) Version: 8.2.0.130(C636CUSTC636D2) Version: 8.2.0.133(C605CUSTC605D1) Version: 8.2.0.155(C675R2P1) Version: 8.2.0.110(C652CUSTC652D1) Version: 8.2.0.100(C541CUSTC541D1) Version: 8.2.0.165(C01R1P16) Version: 9.1.0.208(C00E205R3P1) Version: 9.1.0.162(C00E160R2P1) Version: 9.1.0.12(C00R1) Version: 9.1.0.4(C735R1) Version: 9.1.0.162 Version: 9.1.0.161 Version: 9.1.0.162(C01E160R2P1) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:47:56.874Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B", vendor: "n/a", versions: [ { status: "affected", version: "Version", }, { status: "affected", version: "9.1.0.206(C00E205R3P1)", }, { status: "affected", version: "9.0.1.5(C735R1)", }, { status: "affected", version: "9.1.0.1(C00R3)", }, { status: "affected", version: "9.1.0.206", }, { status: "affected", version: "9.0.1.162(C01E160R2P3)", }, { status: "affected", version: "8.2.0.170(C861)", }, { status: "affected", version: "8.2.0.188(C00R2P1)", }, { status: "affected", version: "8.2.0.163(C605)", }, { status: "affected", version: "8.2.0.160(C185)", }, { status: "affected", version: "8.2.0.156(C636R2P2)", }, { status: "affected", version: "8.2.0.152(C45CUSTC45D1)", }, { status: "affected", version: "8.2.0.162(C605)", }, { status: "affected", version: "8.2.0.175(C00R2P4)", }, { status: "affected", version: "8.2.0.190(C788R1P16)", }, { status: "affected", version: "8.2.0.161(C675CUSTC675D1)", }, { status: "affected", version: "8.2.0.165(C00R1P16)", }, { status: "affected", version: "8.2.0.130(C461R1P1)", }, { status: "affected", version: "8.2.0.130(C652CUSTC652D1)", }, { status: "affected", version: "8.2.0.131(C10R2P2)", }, { status: "affected", version: "8.2.0.136(C432CUSTC432D1)", }, { status: "affected", version: "8.2.0.101(C10CUSTC10D1)", }, { status: "affected", version: "8.2.0.101(C432CUSTC432D1)", }, { status: "affected", version: "8.2.0.131(C55CUSTC55D1)", }, { status: "affected", version: "8.2.0.105(C185R1P1)", }, { status: "affected", version: "8.2.0.107(C636R2P1)", }, { status: "affected", version: "8.2.0.103(C652CUSTC652D1)", }, { status: "affected", version: "8.2.0.105(C185R2P1)", }, { status: "affected", version: "8.2.0.130(C636CUSTC636D2)", }, { status: "affected", version: "8.2.0.133(C605CUSTC605D1)", }, { status: "affected", version: "8.2.0.155(C675R2P1)", }, { status: "affected", version: "8.2.0.110(C652CUSTC652D1)", }, { status: "affected", version: "8.2.0.100(C541CUSTC541D1)", }, { status: "affected", version: "8.2.0.165(C01R1P16)", }, { status: "affected", version: "9.1.0.208(C00E205R3P1)", }, { status: "affected", version: "9.1.0.162(C00E160R2P1)", }, { status: "affected", version: "9.1.0.12(C00R1)", }, { status: "affected", version: "9.1.0.4(C735R1)", }, { status: "affected", version: "9.1.0.162", }, { status: "affected", version: "9.1.0.161", }, { status: "affected", version: "9.1.0.162(C01E160R2P1)", }, ], }, ], descriptions: [ { lang: "en", value: "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.", }, ], problemTypes: [ { descriptions: [ { description: "null pointer dereference", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-13T23:09:32", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", ID: "CVE-2019-5235", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B", version: { version_data: [ { version_value: "Version", }, { version_value: "9.1.0.206(C00E205R3P1)", }, { version_value: "9.0.1.5(C735R1)", }, { version_value: "9.1.0.1(C00R3)", }, { version_value: "9.1.0.206(C00E205R3P1)", }, { version_value: "9.1.0.206", }, { version_value: "9.0.1.162(C01E160R2P3)", }, { version_value: "8.2.0.170(C861)", }, { version_value: "8.2.0.188(C00R2P1)", }, { version_value: "8.2.0.163(C605)", }, { version_value: "8.2.0.160(C185)", }, { version_value: "8.2.0.156(C636R2P2)", }, { version_value: "8.2.0.152(C45CUSTC45D1)", }, { version_value: "8.2.0.162(C605)", }, { version_value: "8.2.0.175(C00R2P4)", }, { version_value: "8.2.0.190(C788R1P16)", }, { version_value: "8.2.0.161(C675CUSTC675D1)", }, { version_value: "8.2.0.165(C00R1P16)", }, { version_value: "8.2.0.130(C461R1P1)", }, { version_value: "8.2.0.130(C652CUSTC652D1)", }, { version_value: "8.2.0.131(C10R2P2)", }, { version_value: "8.2.0.136(C432CUSTC432D1)", }, { version_value: "8.2.0.101(C10CUSTC10D1)", }, { version_value: "8.2.0.101(C432CUSTC432D1)", }, { version_value: "8.2.0.131(C55CUSTC55D1)", }, { version_value: "8.2.0.105(C185R1P1)", }, { version_value: "8.2.0.107(C636R2P1)", }, { version_value: "8.2.0.103(C652CUSTC652D1)", }, { version_value: "8.2.0.105(C185R2P1)", }, { version_value: "8.2.0.107(C636R2P1)", }, { version_value: "8.2.0.130(C636CUSTC636D2)", }, { version_value: "8.2.0.133(C605CUSTC605D1)", }, { version_value: "8.2.0.155(C675R2P1)", }, { version_value: "8.2.0.155(C675R2P1)", }, { version_value: "8.2.0.110(C652CUSTC652D1)", }, { version_value: "8.2.0.155(C675R2P1)", }, { version_value: "8.2.0.100(C541CUSTC541D1)", }, { version_value: "8.2.0.165(C01R1P16)", }, { version_value: "8.2.0.100(C541CUSTC541D1)", }, { version_value: "9.1.0.208(C00E205R3P1)", }, { version_value: "9.1.0.208(C00E205R3P1)", }, { version_value: "9.1.0.162(C00E160R2P1)", }, { version_value: "9.1.0.12(C00R1)", }, { version_value: "9.1.0.4(C735R1)", }, { version_value: "9.1.0.162(C00E160R2P1)", }, { version_value: "9.1.0.12(C00R1)", }, { version_value: "9.1.0.162", }, { version_value: "9.1.0.161", }, { version_value: "9.1.0.162(C01E160R2P1)", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "null pointer dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en", refsource: "MISC", url: "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2019-5235", datePublished: "2019-12-13T23:09:32", dateReserved: "2019-01-04T00:00:00", dateUpdated: "2024-08-04T19:47:56.874Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-12-14 00:15
Modified
2024-11-21 04:44
Severity ?
Summary
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.153\\(c00\\):*:*:*:*:*:*:*", matchCriteriaId: "00A30EA6-84A9-4549-8CA5-5E3F833C4A46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:*", matchCriteriaId: "0FA2B2F1-3D58-4DC7-AB7A-28BF8B282333", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:alp-tl00b_firmware:8.0.0.129\\(sp2c01\\):*:*:*:*:*:*:*", matchCriteriaId: "19236304-3FC9-4377-B03E-5197CEA6A3A4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:alp-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "E7918CD6-341B-4FCC-BD31-30B8952192C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.129\\(sp2c786\\):*:*:*:*:*:*:*", matchCriteriaId: "99627A07-1127-4F96-B694-D2F4388BEF7E", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-al00b_firmware:8.0.0.153\\(c00\\):*:*:*:*:*:*:*", matchCriteriaId: "E47AF090-F5FB-46CA-BEBA-7C465083CA72", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:bla-al00b:-:*:*:*:*:*:*:*", matchCriteriaId: "B11D6D9B-335B-404C-88F3-590DF9E5D878", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.129\\(sp2c01\\):*:*:*:*:*:*:*", matchCriteriaId: "EE5185C7-F99C-471C-9718-CC08FFEA49A5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:bla-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "BAAF02E9-8732-4E8E-8AA6-A422C200F9B6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.176\\(c00\\):*:*:*:*:*:*:*", matchCriteriaId: "332ABD26-1EC2-40E3-A329-481914DAA717", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:charlotte-al00a:-:*:*:*:*:*:*:*", matchCriteriaId: "BC9EFA36-508E-42A6-83A5-D94273265400", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:charlotte-tl00b_firmware:8.1.0.176\\(c01\\):*:*:*:*:*:*:*", matchCriteriaId: "B57C9502-D755-4431-A097-FD485794B133", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:charlotte-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "31979014-C70F-49E9-A37F-A2A622AE9252", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:columbia-al10b_firmware:8.1.0.163\\(c00\\):*:*:*:*:*:*:*", matchCriteriaId: "80721EA2-C5AE-4BD0-877C-43BB508A462F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:columbia-al10b:-:*:*:*:*:*:*:*", matchCriteriaId: "2F63CA2F-45B8-4DD3-81AE-8359929AE50B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:columbia-al10i_firmware:8.1.0.150\\(c675custc675d2\\):*:*:*:*:*:*:*", matchCriteriaId: "0119A5C2-D99B-43BE-A541-F067044866FE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:columbia-al10i:-:*:*:*:*:*:*:*", matchCriteriaId: "DFF16336-9CFE-4D67-852B-4C356E3C5951", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:columbia-l29d_firmware:8.1.0.146\\(c461\\):*:*:*:*:*:*:*", matchCriteriaId: "EAB4D5D8-F919-403D-9209-63C06FD21923", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:columbia-l29d_firmware:8.1.0.148\\(c185\\):*:*:*:*:*:*:*", matchCriteriaId: "920A33BF-DFDB-40A1-B893-3815C77A3751", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:columbia-l29d_firmware:8.1.0.151\\(c10\\):*:*:*:*:*:*:*", matchCriteriaId: "CF676A0A-0446-431B-81B3-E14149E1D764", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:columbia-l29d_firmware:8.1.0.151\\(c432\\):*:*:*:*:*:*:*", matchCriteriaId: "004FB686-8DE9-4C7A-BEBE-F37043F50A67", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:columbia-l29d:-:*:*:*:*:*:*:*", matchCriteriaId: "07042814-6B3A-4D7C-A776-02DA9AC9B8DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:columbia-tl00d_firmware:8.1.0.186\\(c01gt\\):*:*:*:*:*:*:*", matchCriteriaId: "7A6BCE3A-F806-48FE-8F22-FB77EA671584", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:columbia-tl00d:-:*:*:*:*:*:*:*", matchCriteriaId: "6BE1BB06-0403-4F46-AF76-DAD85D538907", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:elle-al00b_firmware:9.1.0.162\\(c00e160r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "6C3DEAC5-9F49-4967-BCD4-DCF58ACCBC61", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:elle-al00b:-:*:*:*:*:*:*:*", matchCriteriaId: "0FE97479-E4F0-4C87-B6EE-EE4AE685DE5A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:elle-tl00b_firmware:9.1.0.162\\(c01e160r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "20316EA5-6D3C-4AC9-BBBB-621E12B4A437", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:elle-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "678B1753-1005-489F-B30A-76C49803FA5D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.190\\(c00\\):*:*:*:*:*:*:*", matchCriteriaId: "4080BCCB-AE47-42D1-9570-989A20A2B0F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:emily-al00a:-:*:*:*:*:*:*:*", matchCriteriaId: "8AC84A74-7F01-4434-896C-B9B595984F23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:emily-tl00b_firmware:8.1.0.175\\(c01\\):*:*:*:*:*:*:*", matchCriteriaId: "2648D7A0-CE4D-4EAB-B571-407F46564D9F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:emily-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "010C3645-3C82-47F0-908C-9B4CFFC503CD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:ever-al00b_firmware:9.0.0.195\\(c00e195r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "66AEE44E-3E9A-45B5-9CB9-B9F0CDB4BE8B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:ever-al00b:-:*:*:*:*:*:*:*", matchCriteriaId: "264C7F11-D6CC-4DF7-8607-736179618A50", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:ever-l29b_firmware:9.0.0.206\\(c185e3r3p1\\):*:*:*:*:*:*:*", matchCriteriaId: "AB598092-85FC-4E96-A870-ACC2EF592D2F", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:ever-l29b_firmware:9.0.0.207\\(c636e3r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "DD1835B9-E25A-41DB-BB2C-9DD3603D4025", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:ever-l29b_firmware:9.0.0.208\\(c432e3r1p12\\):*:*:*:*:*:*:*", matchCriteriaId: "33553334-B4C0-42D0-8185-FD4337F54011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:ever-l29b:-:*:*:*:*:*:*:*", matchCriteriaId: "AEB4EC14-14DE-4AAF-A951-071B4E39270A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:harry-al00c_firmware:9.1.0.206\\(c00e205r3p1\\):*:*:*:*:*:*:*", matchCriteriaId: "57CD42F9-7611-452E-AD1C-E14493A02A70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:harry-al00c:-:*:*:*:*:*:*:*", matchCriteriaId: "9DF9FAC4-0A8C-463C-8E5C-64E33D145E52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:harry-al10b_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "C41532B6-FE2A-4174-B1AA-074F08B64DEC", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:harry-al10b_firmware:9.1.0.206\\(c00e205r3p1\\):*:*:*:*:*:*:*", matchCriteriaId: "5395F144-E845-4AB2-A8AC-7A43BE3912A5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:harry-al10b:-:*:*:*:*:*:*:*", matchCriteriaId: "1A2BE361-1412-455E-A553-0CA9D14E4C1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:harry-tl00c_firmware:9.0.1.162\\(c01e160r2p3\\):*:*:*:*:*:*:*", matchCriteriaId: "DE8ADA57-076D-49BE-A354-25B95F1A676C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:harry-tl00c:-:*:*:*:*:*:*:*", matchCriteriaId: "E31013C1-26DA-4A6D-BBD4-BF0630EEEB66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:hima-al00b_firmware:9.0.0.200\\(c00e200r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "5DEC5474-D927-456A-8F9D-C854BDB7F968", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:hima-al00b:-:*:*:*:*:*:*:*", matchCriteriaId: "8C0592A2-8087-4847-8586-04ED842960D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:jackman-l21_firmware:8.2.0.160\\(c185\\):*:*:*:*:*:*:*", matchCriteriaId: "39F76953-3CB3-4CCF-A3A3-15267E9A49DE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:jackman-l21:-:*:*:*:*:*:*:*", matchCriteriaId: "15F105E1-6077-4FF3-8AD2-472A5DB68CA0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:jackman-l22_firmware:8.2.0.156\\(c636r2p2\\):*:*:*:*:*:*:*", matchCriteriaId: "3CEC1CAE-7461-4A57-B31D-98C16167B2B9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:jackman-l22:-:*:*:*:*:*:*:*", matchCriteriaId: "B99E236E-D36C-4FE9-93C2-10D01A3A7390", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:jackman-l23_firmware:8.2.0.152\\(c45custc45d1\\):*:*:*:*:*:*:*", matchCriteriaId: "41A59832-A342-449F-B4DC-4D4305F62ECF", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:jackman-l23_firmware:8.2.0.162\\(c605\\):*:*:*:*:*:*:*", matchCriteriaId: "9085E680-5AD9-42C6-8DAF-EDEC1E64AC75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:jackman-l23:-:*:*:*:*:*:*:*", matchCriteriaId: "AAB9A357-16B3-4CEE-B235-5B1E951D6719", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-al00ic_firmware:8.2.0.161\\(c675custc675d1\\):*:*:*:*:*:*:*", matchCriteriaId: "5D822874-5669-40AA-8113-7BEF544F80D4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-al00ic:-:*:*:*:*:*:*:*", matchCriteriaId: "8844A56E-E1F2-4CD1-8E81-A4365CF10E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-al10c_firmware:8.2.0.165\\(c00r1p16\\):*:*:*:*:*:*:*", matchCriteriaId: "27F82E49-446A-4E37-B340-11A8BEA77EC6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-al10c:-:*:*:*:*:*:*:*", matchCriteriaId: "478E7A4C-C1EC-4D13-B06A-CA8E57C2690B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l21c_firmware:8.2.0.130\\(c461r1p1\\):*:*:*:*:*:*:*", matchCriteriaId: "496C59DA-9104-4C6C-BBB6-6E522D98CF81", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-l21c_firmware:8.2.0.131\\(c10r2p2\\):*:*:*:*:*:*:*", matchCriteriaId: "24B9D430-FB96-45A3-A928-F7A7BCE4AFA4", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-l21c_firmware:8.2.0.136\\(c432custc432d1\\):*:*:*:*:*:*:*", matchCriteriaId: "B55EFA94-43FA-442D-9D75-189BFC2368BA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l21c:-:*:*:*:*:*:*:*", matchCriteriaId: "067613ED-432F-457D-929E-238462AC53AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l21d_firmware:8.2.0.101\\(c10custc10d1\\):*:*:*:*:*:*:*", matchCriteriaId: "59A49059-37AB-448A-A5E4-592120B6F0DF", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-l21d_firmware:8.2.0.101\\(c432custc432d1\\):*:*:*:*:*:*:*", matchCriteriaId: "B554E747-6A9A-4EDC-A743-72891D34B4E7", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-l21d_firmware:8.2.0.131\\(c55custc55d1\\):*:*:*:*:*:*:*", matchCriteriaId: "CC9F79F8-8042-429B-9329-91B631E6FD40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l21d:-:*:*:*:*:*:*:*", matchCriteriaId: "EFDAF471-1498-4856-9ECD-8FB3F809D01E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l22c_firmware:8.2.0.105\\(c185r1p1\\):*:*:*:*:*:*:*", matchCriteriaId: "3800398A-9704-4380-A329-D4911D73AB5E", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-l22c_firmware:8.2.0.107\\(c636r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "BA8F1D00-5BBF-43AD-8C92-D6FF6E5B2819", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l22c:-:*:*:*:*:*:*:*", matchCriteriaId: "BC60D552-5519-4020-9C45-E2EBC3700693", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l22d_firmware:8.2.0.105\\(c185r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "1455033B-FF7E-44B4-8ECF-250D961D4B49", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-l22d_firmware:8.2.0.107\\(c636r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "636275C8-D825-4C66-BEFB-BB91BA8EB38D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l22d:-:*:*:*:*:*:*:*", matchCriteriaId: "1AB32655-E8FE-4058-B31C-052E609746C9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l23c_firmware:8.2.0.130\\(c636custc636d2\\):*:*:*:*:*:*:*", matchCriteriaId: "0309BA64-78C5-4790-84AC-AE38F9080F91", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-l23c_firmware:8.2.0.133\\(c605custc605d1\\):*:*:*:*:*:*:*", matchCriteriaId: "C0DC6487-720E-4722-A864-1FB7B5FB351C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l23c:-:*:*:*:*:*:*:*", matchCriteriaId: "2EF62125-1E21-47BE-835A-61243E3F690F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l42ic_firmware:8.2.0.155\\(c675r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "A014F6CA-21F5-40C1-A2B0-DBE4FBC262D8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l42ic:-:*:*:*:*:*:*:*", matchCriteriaId: "F72F9B44-B835-4A93-A2D0-1B1FF8FEA81F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l42ie_firmware:8.2.0.155\\(c675r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "1446494D-014E-4F07-AE60-F89C7EA56C0C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l42ie:-:*:*:*:*:*:*:*", matchCriteriaId: "3C91EE9E-C333-4D02-9184-29631948D0FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-l42if_firmware:8.2.0.155\\(c675r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "28656199-3BC2-4847-9468-D323DB37199E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-l42if:-:*:*:*:*:*:*:*", matchCriteriaId: "2EFE0746-31FB-4151-8D70-AAE0611CCDFD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-tl00d_firmware:8.2.0.100\\(c541custc541d1\\):*:*:*:*:*:*:*", matchCriteriaId: "07548F3F-D36D-457B-9899-92BCBEF91B5F", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:johnson-tl00d_firmware:8.2.0.165\\(c01r1p16\\):*:*:*:*:*:*:*", matchCriteriaId: "8B4713A6-FF22-40C7-896E-C0D626AF6D2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-tl00d:-:*:*:*:*:*:*:*", matchCriteriaId: "566629E0-84F2-4DFA-A20E-2D20C472E4B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:johnson-tl00f_firmware:8.2.0.100\\(c541custc541d1\\):*:*:*:*:*:*:*", matchCriteriaId: "3563E6B0-881E-4854-99F5-196C7A7AA595", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:johnson-tl00f:-:*:*:*:*:*:*:*", matchCriteriaId: "0075F84C-492C-408D-941B-274A0A0C3B82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:laya-al00ep_firmware:9.0.0.201\\(c786e200r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "68BB4A88-06F2-46E5-B03A-A4450CA7CE40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:laya-al00ep:-:*:*:*:*:*:*:*", matchCriteriaId: "5B3A54AE-DC30-429B-8FB8-BE6EB933E685", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:neo-al00d_firmware:8.1.0.175\\(c786\\):*:*:*:*:*:*:*", matchCriteriaId: "581A0F86-A651-48E7-930A-3BD773C1AF0E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:neo-al00d:-:*:*:*:*:*:*:*", matchCriteriaId: "B4B07FEC-514D-4A51-B26B-02254A867DC5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:potter-al00c_firmware:9.1.0.208\\(c00e205r3p1\\):*:*:*:*:*:*:*", matchCriteriaId: "17A2F928-6CF8-408B-B3F4-CED7441B8307", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:potter-al00c:-:*:*:*:*:*:*:*", matchCriteriaId: "34141B01-DA8B-4029-B275-395AC11C40C4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:potter-al10a_firmware:9.1.0.208\\(c00e205r3p1\\):*:*:*:*:*:*:*", matchCriteriaId: "AEAE9002-378D-4466-AB62-A190C34AD61F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:potter-al10a:-:*:*:*:*:*:*:*", matchCriteriaId: "0CF01A3C-2E60-45B8-8D4E-58B5710FC40C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:princeton-al10b_firmware:9.1.0.211\\(c00e203r2p2\\):*:*:*:*:*:*:*", matchCriteriaId: "EE3A7EB6-8CC6-40CB-93B0-129E7E7A2483", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:princeton-al10b:-:*:*:*:*:*:*:*", matchCriteriaId: "D9F930E0-D32C-4D37-8A1D-78D4BFAECF37", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:princeton-al10d_firmware:9.1.0.212\\(c00e204r2p2\\):*:*:*:*:*:*:*", matchCriteriaId: "A5EC9D33-A11F-4F8F-BE37-9B8C4263EF95", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:princeton-al10d:-:*:*:*:*:*:*:*", matchCriteriaId: "11E6B825-CA55-4BEC-8279-3F33F7CC93EE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:princeton-al10i_firmware:9.0.1.150\\(c675e9r1p4\\):*:*:*:*:*:*:*", matchCriteriaId: "10A41D90-90FC-41C2-A5A3-B1A5CF7FB54D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:princeton-al10i:-:*:*:*:*:*:*:*", matchCriteriaId: "F5E9766B-FFB3-47F0-9C55-57F1C268109C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:princeton-tl10c_firmware:9.1.0.211\\(c01e203r2p2\\):*:*:*:*:*:*:*", matchCriteriaId: "CF0B7171-505A-4A24-8861-2533F9F10011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:princeton-tl10c:-:*:*:*:*:*:*:*", matchCriteriaId: "35F6A54F-E004-4BE7-A6A6-3E7C300DC498", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:tony-al00b_firmware:9.1.0.206\\(c00e200r2p3\\):*:*:*:*:*:*:*", matchCriteriaId: "4961A11C-A7A7-4AA1-BC36-F0D9FECC37B8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*", matchCriteriaId: "0E14B978-2A3C-4F55-8E3A-BA41AB137C33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:tony-tl00b_firmware:9.1.0.206\\(c01e200r2p3\\):*:*:*:*:*:*:*", matchCriteriaId: "AD232463-90AA-42BF-A569-F5BE483F27E9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:tony-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "BF11E947-FCDE-4EFD-A14D-5C2BD7BC5A56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:vogue-al00a_firmware:9.1.0.162\\(c00e160r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "D7B24E79-5313-4151-B2F3-11A411AF25C6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:vogue-al00a:-:*:*:*:*:*:*:*", matchCriteriaId: "973B0865-F7A6-4851-BEBE-6026E54CC04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:vogue-al00a-preload_firmware:9.1.0.12\\(c00r1\\):*:*:*:*:*:*:*", matchCriteriaId: "62F817EB-12AA-472D-8607-299352831E71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:vogue-al00a-preload:-:*:*:*:*:*:*:*", matchCriteriaId: "373003A1-4308-45DD-8A8D-607CEE7BBBFC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:vogue-al10c_firmware:9.1.0.162\\(c00e160r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "EADD0609-5B61-4605-B015-B0BF67E1D037", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:vogue-al10c:-:*:*:*:*:*:*:*", matchCriteriaId: "CD081515-6391-40B5-BAE5-162DFE3E2C30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:vogue-al10c-preload_firmware:9.1.0.12\\(c00r1\\):*:*:*:*:*:*:*", matchCriteriaId: "CC4DDD74-425B-4BA0-A64E-3E2300518EBB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:vogue-al10c-preload:-:*:*:*:*:*:*:*", matchCriteriaId: "71FCE443-E810-4011-AE70-117F37A18CFC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:vogue-tl00b_firmware:9.1.0.162\\(c01e160r2p1\\):*:*:*:*:*:*:*", matchCriteriaId: "865A13F6-B4F0-432D-8328-05E9D10A0FF6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:vogue-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "264C6E15-84C8-40D3-895D-15736062439F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.", }, { lang: "es", value: "Algunos teléfonos inteligentes Huawei tienen una vulnerabilidad de desreferencia del puntero null. Un atacante crea paquetes específicos y los envía al producto afectado para explotar esta vulnerabilidad. La explotación con éxito puede causar que el teléfono afectado sea anormal.", }, ], id: "CVE-2019-5235", lastModified: "2024-11-21T04:44:34.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-14T00:15:10.977", references: [ { source: "psirt@huawei.com", tags: [ "Vendor Advisory", ], url: "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en", }, ], sourceIdentifier: "psirt@huawei.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-23 14:29
Modified
2024-11-21 04:12
Severity ?
Summary
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.106\\(c00\\):*:*:*:*:*:*:*", matchCriteriaId: "C52A7CD3-98AF-4E85-BFE3-971AA359DD8B", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113\\(sp2c00\\):*:*:*:*:*:*:*", matchCriteriaId: "02F67A4B-843A-403B-992A-21F900A42291", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113\\(sp3c00\\):*:*:*:*:*:*:*", matchCriteriaId: "7D90101E-0AA9-401F-9435-8605865D8748", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.113\\(sp7c00\\):*:*:*:*:*:*:*", matchCriteriaId: "20F4536B-FAD3-4AF6-ADE4-AA458C6A82B9", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.118\\(c00\\):*:*:*:*:*:*:*", matchCriteriaId: "1F7D3A95-FFF4-4412-A709-BC1EA0EE9389", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.120\\(sp2c00\\):*:*:*:*:*:*:*", matchCriteriaId: "08348C88-FF3D-4B88-9B6F-A17D00965268", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.125\\(sp1c00\\):*:*:*:*:*:*:*", matchCriteriaId: "2F7A3D24-8394-4555-AC4C-876C92A39010", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.125\\(sp3c00\\):*:*:*:*:*:*:*", matchCriteriaId: "4A880D55-009A-40D2-AE2F-4A32F6288346", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.126\\(sp2c00\\):*:*:*:*:*:*:*", matchCriteriaId: "0984004A-45AE-4E0A-93AC-E17168189A41", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.126\\(sp5c00\\):*:*:*:*:*:*:*", matchCriteriaId: "DE1965F0-40F9-40CB-9A39-672278259C6C", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.127\\(sp1c00\\):*:*:*:*:*:*:*", matchCriteriaId: "9DA493CF-9670-4D6B-B5E8-20E44642FEC0", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:alp-al00b_firmware:8.0.0.128\\(sp2c00\\):*:*:*:*:*:*:*", matchCriteriaId: "C41D62FD-71CC-4583-A3CA-2509422EC6BE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:*", matchCriteriaId: "0FA2B2F1-3D58-4DC7-AB7A-28BF8B282333", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:alp-al00b-rsc_firmware:1.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F2B6C500-CE64-48A3-95FC-A0F71C3AACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:alp-al00b-rsc:-:*:*:*:*:*:*:*", matchCriteriaId: "E7B7807E-41B3-4F39-938C-BF482E4FDC96", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.113\\(sp7c01\\):*:*:*:*:*:*:*", matchCriteriaId: "8EDA0CB0-04AD-46C2-8CD1-1BDAF2722DD1", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.118\\(c01\\):*:*:*:*:*:*:*", matchCriteriaId: "6C007A17-7F9F-4EC2-8DD7-01217B7B0C28", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.120\\(sp2c01\\):*:*:*:*:*:*:*", matchCriteriaId: "81BEF6F9-0FAD-4649-9AD8-056617A0A2B6", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.125\\(sp1c01\\):*:*:*:*:*:*:*", matchCriteriaId: "98013FF1-FE4D-4BE0-A715-6A22CB1AADD5", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.125\\(sp2c01\\):*:*:*:*:*:*:*", matchCriteriaId: "98B49194-20F5-4B0F-A1D0-394AFE4605A3", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.125\\(sp3c01\\):*:*:*:*:*:*:*", matchCriteriaId: "896D0A6F-C26D-4B6C-85FC-E50104BF2797", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.126\\(sp2c01\\):*:*:*:*:*:*:*", matchCriteriaId: "E002850B-AE9E-46A9-AEFF-FC1D2ACEDCC3", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.126\\(sp5c01\\):*:*:*:*:*:*:*", matchCriteriaId: "36AAB41E-781E-49A3-A596-619677D394FD", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.127\\(sp1c01\\):*:*:*:*:*:*:*", matchCriteriaId: "DDC92852-7AC5-4F6F-9BAD-51ABFE87B02F", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.128\\(sp2c01\\):*:*:*:*:*:*:*", matchCriteriaId: "BF5D8C88-4ACC-4663-904C-139D5F99C4C1", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:bla-tl00b_firmware:8.0.0.129\\(sp2c01\\):*:*:*:*:*:*:*", matchCriteriaId: "EE5185C7-F99C-471C-9718-CC08FFEA49A5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:bla-tl00b:-:*:*:*:*:*:*:*", matchCriteriaId: "BAAF02E9-8732-4E8E-8AA6-A422C200F9B6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.105\\(sp7c00\\):*:*:*:*:*:*:*", matchCriteriaId: "E73291B7-8420-4AB4-945E-B8332F888A62", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.106\\(sp3c00\\):*:*:*:*:*:*:*", matchCriteriaId: "6672D5B9-6A8D-444E-BC41-1F6FA6ADAB7B", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.107\\(sp5c00\\):*:*:*:*:*:*:*", matchCriteriaId: "188EBACC-FE71-4165-9DA5-D3C2A813E346", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.107\\(sp7c00\\):*:*:*:*:*:*:*", matchCriteriaId: "DA6DE6B7-A8A4-4976-8A1F-08307B5C6B80", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.108\\(sp3c00\\):*:*:*:*:*:*:*", matchCriteriaId: "44AC9C14-A4A2-4C13-8AD0-48D62257A2FD", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.108\\(sp6c00\\):*:*:*:*:*:*:*", matchCriteriaId: "D8D7827E-EF4C-4B2B-9555-2F635FE9331A", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:charlotte-al00a_firmware:8.1.0.109\\(sp2c00\\):*:*:*:*:*:*:*", matchCriteriaId: "146DB107-58BC-46A1-9E3D-7A2C969FEE33", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:charlotte-al00a:-:*:*:*:*:*:*:*", matchCriteriaId: "BC9EFA36-508E-42A6-83A5-D94273265400", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.105\\(sp6c00\\):*:*:*:*:*:*:*", matchCriteriaId: "9C5C604B-34FA-4519-92DE-BCCEC2271E1D", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.106\\(sp2c00\\):*:*:*:*:*:*:*", matchCriteriaId: "2385EEAB-9B82-4461-AE30-4B5E639A3A9A", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.107\\(sp5c00\\):*:*:*:*:*:*:*", matchCriteriaId: "11B6FE85-304B-4992-AA0C-0AD91AF057F2", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.107\\(sp7c00\\):*:*:*:*:*:*:*", matchCriteriaId: "7BCF76DE-308E-404D-85EF-08A109E22B44", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.108\\(sp2c00\\):*:*:*:*:*:*:*", matchCriteriaId: "BFF85F1B-9347-4923-98FE-F0E1A43BC17A", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.108\\(sp6c00\\):*:*:*:*:*:*:*", matchCriteriaId: "C636ADB6-FF53-46AF-BBD6-900EA2E2EFFD", vulnerable: true, }, { criteria: "cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.109\\(sp5c00\\):*:*:*:*:*:*:*", matchCriteriaId: "1A364F9D-1052-4CFC-8D68-6EFA8336D04D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:emily-al00a:-:*:*:*:*:*:*:*", matchCriteriaId: "8AC84A74-7F01-4434-896C-B9B595984F23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.", }, { lang: "es", value: "Algnos smartphones Huawei ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00) y 8.1.0.109(SP5C00) tienen una vulnerabilidad de omisión de seguridad de FRP (Factory Reset Protection). Al reconfigurar el teléfono móvil mediante la función FRP, un atacante puede iniciar sesión en el flujo de configuración por Gaode Map y puede realizar algunas operaciones para actualizar la cuenta de Google. Como resultado, se omite la función FRP.", }, ], id: "CVE-2018-7911", lastModified: "2024-11-21T04:12:57.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:N/I:C/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-23T14:29:04.437", references: [ { source: "psirt@huawei.com", tags: [ "Vendor Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en", }, ], sourceIdentifier: "psirt@huawei.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }