cnvd - cnvd-2018-12773

CNVD-2018-12773

Vulnerability from cnvd - Published: 2018-07-10

Title

Huawei Emily-AL00A越权漏洞

Description

Huawei Emily-AL00A是中国华为（Huawei）公司的一款智能手机设备。 Huawei Emily-AL00A 8.1.0.106(SP2C00)版本和8.1.0.107(SP5C00)中存在安全漏洞。攻击者可通过获得用户手机后，在开机向导中执行特殊操作利用该漏洞绕过FRP功能，正常使用手机。

Severity

中

Patch Name

Huawei Emily-AL00A越权漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180622-01-bypass-cn

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en

Impacted products

Name
['Huawei Emily-AL00A 8.1.0.106(SP2C00)', 'Huawei Emily-AL00A 8.1.0.107(SP5C00)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7944"
    }
  },
  "description": "Huawei Emily-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u8bbe\u5907\u3002\r\n\r\nHuawei Emily-AL00A 8.1.0.106(SP2C00)\u7248\u672c\u548c8.1.0.107(SP5C00)\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u83b7\u5f97\u7528\u6237\u624b\u673a\u540e\uff0c\u5728\u5f00\u673a\u5411\u5bfc\u4e2d\u6267\u884c\u7279\u6b8a\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7FRP\u529f\u80fd\uff0c\u6b63\u5e38\u4f7f\u7528\u624b\u673a\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180622-01-bypass-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12773",
  "openTime": "2018-07-10",
  "patchDescription": "Huawei Emily-AL00A\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u8bbe\u5907\u3002\r\n\r\nHuawei Emily-AL00A 8.1.0.106(SP2C00)\u7248\u672c\u548c8.1.0.107(SP5C00)\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u83b7\u5f97\u7528\u6237\u624b\u673a\u540e\uff0c\u5728\u5f00\u673a\u5411\u5bfc\u4e2d\u6267\u884c\u7279\u6b8a\u64cd\u4f5c\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7FRP\u529f\u80fd\uff0c\u6b63\u5e38\u4f7f\u7528\u624b\u673a\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Emily-AL00A\u8d8a\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Emily-AL00A 8.1.0.106(SP2C00)",
      "Huawei Emily-AL00A 8.1.0.107(SP5C00)"
    ]
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-09",
  "title": "Huawei Emily-AL00A\u8d8a\u6743\u6f0f\u6d1e"
}

CVE-2018-7944 (GCVE-0-2018-7944)

Vulnerability from cvelistv5 – Published: 2018-07-05 18:00 – Updated: 2024-08-05 06:37

Summary

Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.

Severity ?

No CVSS data available.

CWE

Factory Reset Protection (FRP) bypass

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	Emily-AL00A	Affected: 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emily-AL00A",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.0.106(SP2C00) and 8.1.0.107(SP5C00)"
            }
          ]
        }
      ],
      "datePublic": "2018-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user\u0027s smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Factory Reset Protection (FRP) bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-05T17:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2018-7944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emily-AL00A",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.0.106(SP2C00) and 8.1.0.107(SP5C00)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user\u0027s smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Factory Reset Protection (FRP) bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2018-7944",
    "datePublished": "2018-07-05T18:00:00",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-12773

CVE-2018-7944 (GCVE-0-2018-7944)

Tags

Sightings

Nomenclature