What is the severity of CVE-2018-7911?

CVE-2018-7911 has been assigned a high severity rating due to its potential to allow unauthorized access to sensitive information.

How do I fix CVE-2018-7911?

To remediate CVE-2018-7911, users should update their Huawei devices to the latest firmware version that addresses this vulnerability.

Which devices are affected by CVE-2018-7911?

CVE-2018-7911 affects specific Huawei devices including the ALP-AL00B and BLA-TL00B with various firmware versions listed in the CVE details.

What is the impact of CVE-2018-7911?

The impact of CVE-2018-7911 could include unauthorized access and data leakage from affected Huawei smartphones.

Is there a workaround for CVE-2018-7911?

Currently, there are no known workarounds for CVE-2018-7911, making firmware updates essential for protection.

Vulnerability/
CVE-2018-7911

medium

4.9

23/10/2018

5/8/2024

CVE-2018-7911

First published: Tue Oct 23 2018(Updated: )

Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei ALP-AL00B-RSC Firmware	=8.0.0.106\(c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.113\(sp2c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.113\(sp3c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.113\(sp7c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.118\(c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.120\(sp2c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.125\(sp1c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.125\(sp3c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.126\(sp2c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.126\(sp5c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.127\(sp1c00\)
Huawei ALP-AL00B-RSC Firmware	=8.0.0.128\(sp2c00\)
Huawei ALP-AL00B-RSC Firmware
Huawei ALP-AL00B Firmware	=1.0.0.2
Huawei ALP-AL00B-RSC Firmware
Huawei BLA-TL00B	=8.0.0.113\(sp7c01\)
Huawei BLA-TL00B	=8.0.0.118\(c01\)
Huawei BLA-TL00B	=8.0.0.120\(sp2c01\)
Huawei BLA-TL00B	=8.0.0.125\(sp1c01\)
Huawei BLA-TL00B	=8.0.0.125\(sp2c01\)
Huawei BLA-TL00B	=8.0.0.125\(sp3c01\)
Huawei BLA-TL00B	=8.0.0.126\(sp2c01\)
Huawei BLA-TL00B	=8.0.0.126\(sp5c01\)
Huawei BLA-TL00B	=8.0.0.127\(sp1c01\)
Huawei BLA-TL00B	=8.0.0.128\(sp2c01\)
Huawei BLA-TL00B	=8.0.0.129\(sp2c01\)
Huawei BLA-TL00B Firmware
Huawei Charlotte-AL00A Firmware	=8.1.0.105\(sp7c00\)
Huawei Charlotte-AL00A Firmware	=8.1.0.106\(sp3c00\)
Huawei Charlotte-AL00A Firmware	=8.1.0.107\(sp5c00\)
Huawei Charlotte-AL00A Firmware	=8.1.0.107\(sp7c00\)
Huawei Charlotte-AL00A Firmware	=8.1.0.108\(sp3c00\)
Huawei Charlotte-AL00A Firmware	=8.1.0.108\(sp6c00\)
Huawei Charlotte-AL00A Firmware	=8.1.0.109\(sp2c00\)
Huawei Charlotte-AL00A Firmware
Huawei Emily-AL00A	=8.1.0.105\(sp6c00\)
Huawei Emily-AL00A	=8.1.0.106\(sp2c00\)
Huawei Emily-AL00A	=8.1.0.107\(sp5c00\)
Huawei Emily-AL00A	=8.1.0.107\(sp7c00\)
Huawei Emily-AL00A	=8.1.0.108\(sp2c00\)
Huawei Emily-AL00A	=8.1.0.108\(sp6c00\)
Huawei Emily-AL00A	=8.1.0.109\(sp5c00\)
Huawei Emily-AL00A firmware

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en

Frequently Asked Questions

What is the severity of CVE-2018-7911?
CVE-2018-7911 has been assigned a high severity rating due to its potential to allow unauthorized access to sensitive information.
How do I fix CVE-2018-7911?
To remediate CVE-2018-7911, users should update their Huawei devices to the latest firmware version that addresses this vulnerability.
Which devices are affected by CVE-2018-7911?
CVE-2018-7911 affects specific Huawei devices including the ALP-AL00B and BLA-TL00B with various firmware versions listed in the CVE details.
What is the impact of CVE-2018-7911?
The impact of CVE-2018-7911 could include unauthorized access and data leakage from affected Huawei smartphones.
Is there a workaround for CVE-2018-7911?
Currently, there are no known workarounds for CVE-2018-7911, making firmware updates essential for protection.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/huawei
canonical/huawei alp-al00b-rsc firmware
version/huawei alp-al00b-rsc firmware/8.0.0.106\(c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.113\(sp2c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.113\(sp3c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.113\(sp7c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.118\(c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.120\(sp2c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.125\(sp1c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.125\(sp3c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.126\(sp2c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.126\(sp5c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.127\(sp1c00\)
version/huawei alp-al00b-rsc firmware/8.0.0.128\(sp2c00\)
canonical/huawei alp-al00b firmware
version/huawei alp-al00b firmware/1.0.0.2
canonical/huawei bla-tl00b
version/huawei bla-tl00b/8.0.0.113\(sp7c01\)
version/huawei bla-tl00b/8.0.0.118\(c01\)
version/huawei bla-tl00b/8.0.0.120\(sp2c01\)
version/huawei bla-tl00b/8.0.0.125\(sp1c01\)
version/huawei bla-tl00b/8.0.0.125\(sp2c01\)
version/huawei bla-tl00b/8.0.0.125\(sp3c01\)
version/huawei bla-tl00b/8.0.0.126\(sp2c01\)
version/huawei bla-tl00b/8.0.0.126\(sp5c01\)
version/huawei bla-tl00b/8.0.0.127\(sp1c01\)
version/huawei bla-tl00b/8.0.0.128\(sp2c01\)
version/huawei bla-tl00b/8.0.0.129\(sp2c01\)
canonical/huawei bla-tl00b firmware
canonical/huawei charlotte-al00a firmware
version/huawei charlotte-al00a firmware/8.1.0.105\(sp7c00\)
version/huawei charlotte-al00a firmware/8.1.0.106\(sp3c00\)
version/huawei charlotte-al00a firmware/8.1.0.107\(sp5c00\)
version/huawei charlotte-al00a firmware/8.1.0.107\(sp7c00\)
version/huawei charlotte-al00a firmware/8.1.0.108\(sp3c00\)
version/huawei charlotte-al00a firmware/8.1.0.108\(sp6c00\)
version/huawei charlotte-al00a firmware/8.1.0.109\(sp2c00\)
canonical/huawei emily-al00a
version/huawei emily-al00a/8.1.0.105\(sp6c00\)
version/huawei emily-al00a/8.1.0.106\(sp2c00\)
version/huawei emily-al00a/8.1.0.107\(sp5c00\)
version/huawei emily-al00a/8.1.0.107\(sp7c00\)
version/huawei emily-al00a/8.1.0.108\(sp2c00\)
version/huawei emily-al00a/8.1.0.108\(sp6c00\)
version/huawei emily-al00a/8.1.0.109\(sp5c00\)
canonical/huawei emily-al00a firmware