Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU24337
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-19412
CWE-ID: CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a local attacker to bypass the FRP function.
The vulnerability exists due to a Factory Reset Protection (FRP) security bypass. When re-configuring the mobile phone using the FRP function, an attacker with physical access to the device can log in to the Talkback mode, perform some operations to install a third-party application, and bypass the FRP function.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Huawei P-smart: before 9.1.0.130
Huawei Honor V10: before 9.0.0.202
Huawei ALP-AL00B: before 9.0.0.181
Huawei ALP-L09: before 9.0.0.201
Huawei ALP-L29: before 9.0.0.195
Huawei Anne-AL00: before 8.0.0.168
Huawei BLA-L09C: before 9.0.0.206
Huawei BLA-L29C: before 9.0.0.210
Huawei Berkeley-AL20: before 9.0.0.156
Huawei Berkeley-L09: before 8.0.0.173
Huawei Emily-L29C: before 9.0.0.193
Huawei Figo-L03: before 9.1.0.130
Huawei Figo-L21: before 9.1.0.130
Huawei Figo-L23: before 9.1.0.130
Huawei Figo-L31: before 9.1.0.130
Huawei Florida-L03: before 9.1.0.121
Huawei Florida-L21: before 8.0.0.132
Huawei Florida-L22: before 8.0.0.132
Huawei Florida-L23: before 8.0.0.144
Huawei Y7s: before 9.1.0.124
Huawei P20 lite: before 8.0.0.172
Huawei nova 3e: before 8.0.0.172
Huawei Leland-AL00A: before 8.0.0.182
Huawei Leland-L21A: before 9.1.0.118
Huawei Leland-L22A: before 9.1.0.118
Huawei Leland-L22C: before 9.1.0.118
Huawei Leland-L31A: before 8.0.0.139
CPE2.3
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?