CVE-2018-7939 · threatengine.sh

Home/CVE/Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versi

CVE

CVE-2018-7939

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versi

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed.

MEDIUM · CVSS 4.6 EPSS 0.00027

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

19

huawei g9 lite firmware< vns-l53c605b120custc605d103
huawei honor 5a firmware< cam-l03c605b143custc605d008
huawei honor 5a firmware< cam-l21c10b145
huawei honor 5a firmware< cam-l21c185b156
huawei honor 5a firmware< cam-l21c223b133
huawei honor 5a firmware< cam-l21c432b210
huawei honor 5a< cam-l21c464b170
huawei honor 5a firmware< cam-l21c636b245
Show all 19 affected productshuawei honor 6x firmware< berlin-l21c10b372
huawei honor 6x firmware< berlin-l21c185b363
huawei honor 6x firmware< berlin-l21c464b137
huawei honor 6x firmware< berlin-l23c605b161
huawei honor 8 firmware< frd-l09c10b387
huawei honor 8 firmware< frd-l09c185b387
huawei honor 8 firmware< frd-l09c432b398
huawei honor 8 firmware< frd-l09c636b387
huawei honor 8 firmware< frd-l19c10b387
huawei honor 8 firmware< frd-l19c432b399
huawei honor 8 firmware< frd-l19c636b387

▣

Scoring & Timeline

4.6

MEDIUM · CVSS v3.0 · psirt@huawei.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD12 Sep 2018 · 03:29 PM

CVSS VectorCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

🔗

References & Sources

1

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180905-01-frpbypass-enVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin