CVE-2018-7991
First published: Tue Sep 18 2018(Updated: )
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Mate 10 firmware | <alp-al00b_8.0.0.110\(c00\) | |
| Huawei Mate10 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-7991?
CVE-2018-7991 has a medium severity rating due to its enabling of unauthorized access and data manipulation.
How do I fix CVE-2018-7991?
To fix CVE-2018-7991, update the Huawei Mate10 to the firmware version ALP-AL00B 8.0.0.110(C00) or later.
What does CVE-2018-7991 vulnerability involve?
CVE-2018-7991 involves a Factory Reset Protection bypass vulnerability due to insufficient permission verification.
Which devices are affected by CVE-2018-7991?
CVE-2018-7991 affects Huawei Mate10 smartphones with firmware versions earlier than ALP-AL00B 8.0.0.110(C00).
Can CVE-2018-7991 be exploited remotely?
CVE-2018-7991 requires physical access to the device, and therefore cannot be exploited remotely.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei mate 10 firmware
- canonical/huawei mate10 firmware