Factory Reset Protection (FRP) bypass in Huawei Smart Phones

Published: 2020-01-16

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2019-19412
CWE-ID	CWE-254
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	Huawei P-smart Client/Desktop applications / Multimedia software Huawei Honor V10 Client/Desktop applications / Multimedia software Huawei ALP-AL00B Client/Desktop applications / Multimedia software Huawei ALP-L09 Client/Desktop applications / Multimedia software Huawei ALP-L29 Client/Desktop applications / Multimedia software Huawei Anne-AL00 Client/Desktop applications / Multimedia software Huawei BLA-L09C Client/Desktop applications / Multimedia software Huawei BLA-L29C Client/Desktop applications / Multimedia software Huawei Berkeley-AL20 Client/Desktop applications / Multimedia software Huawei Berkeley-L09 Client/Desktop applications / Multimedia software Huawei Emily-L29C Client/Desktop applications / Multimedia software Huawei Figo-L03 Client/Desktop applications / Multimedia software Huawei Figo-L21 Client/Desktop applications / Multimedia software Huawei Figo-L23 Client/Desktop applications / Multimedia software Huawei Figo-L31 Client/Desktop applications / Multimedia software Huawei Florida-L03 Client/Desktop applications / Multimedia software Huawei Florida-L21 Client/Desktop applications / Multimedia software Huawei Florida-L22 Client/Desktop applications / Multimedia software Huawei Florida-L23 Client/Desktop applications / Multimedia software Huawei Y7s Client/Desktop applications / Multimedia software Huawei P20 lite Client/Desktop applications / Multimedia software Huawei nova 3e Client/Desktop applications / Multimedia software Huawei Leland-AL00A Client/Desktop applications / Multimedia software Huawei Leland-L21A Client/Desktop applications / Multimedia software Huawei Leland-L22A Client/Desktop applications / Multimedia software Huawei Leland-L22C Client/Desktop applications / Multimedia software Huawei Leland-L31A Client/Desktop applications / Multimedia software
Vendor	Huawei

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security Features

EUVDB-ID: #VU24337

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-19412

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass the FRP function.

The vulnerability exists due to a Factory Reset Protection (FRP) security bypass. When re-configuring the mobile phone using the FRP function, an attacker with physical access to the device can login the Talkback mode, perform some operations to install a third-Party application and bypass the FRP function.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei P-smart: before 9.1.0.130

Huawei Honor V10: before 9.0.0.202

Huawei ALP-AL00B: before 9.0.0.181

Huawei ALP-L09: before 9.0.0.201

Huawei ALP-L29: before 9.0.0.177

Huawei Anne-AL00: before 8.0.0.168

Huawei BLA-L09C: before 9.0.0.206

Huawei BLA-L29C: before 9.0.0.210

Huawei Berkeley-AL20: before 9.0.0.156

Huawei Berkeley-L09: before 8.0.0.172

Huawei Emily-L29C: before 9.0.0.193

Huawei Figo-L03: before 9.1.0.130

Huawei Figo-L21: before 9.1.0.130

Huawei Figo-L23: before 9.1.0.130

Huawei Figo-L31: before 9.1.0.130

Huawei Florida-L03: before 9.1.0.121

Huawei Florida-L21: before 8.0.0.132

Huawei Florida-L22: before 8.0.0.132

Huawei Florida-L23: before 8.0.0.144

Huawei Y7s: before 9.1.0.124

Huawei P20 lite: before 8.0.0.157

Huawei nova 3e: before 8.0.0.172

Huawei Leland-AL00A: before 8.0.0.182

Huawei Leland-L21A: before 8.0.0.135

Huawei Leland-L22A: before 9.1.0.118

Huawei Leland-L22C: before 9.1.0.118

Huawei Leland-L31A: before 8.0.0.139

CPE2.3

cpe:2.3:a:huawei:huawei_p-smart:*:*:*:*:*:*:*:*

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?