Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU24337
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19412
CWE-ID: CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a local attacker to bypass the FRP function.
The vulnerability exists due to a Factory Reset Protection (FRP) security bypass. When re-configuring the mobile phone using the FRP function, an attacker with physical access to the device can log in to Talkback mode, perform some operations to install a third-party application, and bypass the FRP function.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei P-smart: before 9.1.0.130
Huawei Honor V10: before 9.0.0.202
Huawei ALP-AL00B: before 9.0.0.181
Huawei ALP-L09: before 9.0.0.201
Huawei ALP-L29: before 9.0.0.195
Huawei Anne-AL00: before 8.0.0.168
Huawei BLA-L09C: before 9.0.0.206
Huawei BLA-L29C: before 9.0.0.210
Huawei Berkeley-AL20: before 9.0.0.156
Huawei Berkeley-L09: before 8.0.0.173
Huawei Emily-L29C: before 9.0.0.193
Huawei Figo-L03: before 9.1.0.130
Huawei Figo-L21: before 9.1.0.130
Huawei Figo-L23: before 9.1.0.130
Huawei Figo-L31: before 9.1.0.130
Huawei Florida-L03: before 9.1.0.121
Huawei Florida-L21: before 8.0.0.132
Huawei Florida-L22: before 8.0.0.132
Huawei Florida-L23: before 8.0.0.144
Huawei Y7s: before 9.1.0.124
Huawei P20 lite: before 8.0.0.172
Huawei nova 3e: before 8.0.0.172
Huawei Leland-AL00A: before 8.0.0.182
Huawei Leland-L21A: before 9.1.0.118
Huawei Leland-L22A: before 9.1.0.118
Huawei Leland-L22C: before 9.1.0.118
Huawei Leland-L31A: before 8.0.0.139
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.