Vulnerabilites related to Huawei - Mate10
CVE-2018-7991 (GCVE-0-2018-7991)
Vulnerability from cvelistv5
Published
2018-09-18 13:00
Modified
2024-08-05 06:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- FRP bypass
Summary
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate10 |
Version: Versions earlier before ALP-AL00B 8.0.0.110(C00) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Versions earlier before ALP-AL00B 8.0.0.110(C00)"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-18T12:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate10",
"version": {
"version_data": [
{
"version_value": "Versions earlier before ALP-AL00B 8.0.0.110(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7991",
"datePublished": "2018-09-18T13:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5219 (GCVE-0-2019-5219)
Vulnerability from cvelistv5
Published
2019-06-06 14:41
Modified
2024-08-04 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- double free
Summary
There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8)"
}
]
}
],
"datePublic": "2019-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "double free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:41:52",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "double free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5219",
"datePublished": "2019-06-06T14:41:52",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-09-18 13:29
Modified
2024-11-21 04:13
Severity ?
Summary
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | mate10_firmware | * | |
| huawei | mate10 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:mate10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "868C45FE-53A7-4C56-BB6B-3CB9FAC74EE8",
"versionEndExcluding": "alp-al00b_8.0.0.110\\(c00\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:mate10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B92B0F46-7FB7-48C8-8C62-A378BDB02D08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page."
},
{
"lang": "es",
"value": "Los smartphones Huawei Mate 10 en versiones anteriores a la ALP-AL00B 8.0.0.110(C00) tienen una vulnerabilidad de seguridad de omisi\u00f3n de Factory Reset Protection (FRP). El sistema no verifica lo suficiente el permiso, por lo que un atacante puede utilizar un cable de datos para conectar el smartphone al ordenador y realizar algunas operaciones espec\u00edficas. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante omita la protecci\u00f3n FRP para acceder a la p\u00e1gina de opciones del sistema."
}
],
"id": "CVE-2018-7991",
"lastModified": "2024-11-21T04:13:02.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-18T13:29:01.220",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}