CVE-2019-19412

Summary

Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.

Affected Software

VendorProductVersion RangeStatus
HuaweiALP-AL00Bearlier than 9.0.0.181(C00E87R2P20T8)affected
HuaweiALP-L09earlier than 9.0.0.201(C432E4R1P9)affected
HuaweiALP-L29earlier than 9.0.0.177(C185E2R1P12T8)affected
HuaweiALP-L29earlier than 9.0.0.195(C636E2R1P12)affected
HuaweiAnne-AL00earlier than 8.0.0.168(C00)affected
HuaweiBLA-AL00Bearlier than 9.0.0.181(C00E88R2P15T8)affected
HuaweiBLA-L09Cearlier than 9.0.0.177(C185E2R1P13T8)affected
HuaweiBLA-L09Cearlier than 9.0.0.206(C432E4R1P11)affected
HuaweiBLA-L29Cearlier than 9.0.0.179(C576E2R1P7T8)affected
HuaweiBLA-L29Cearlier than 9.0.0.194(C185E2R1P13)affected
HuaweiBLA-L29Cearlier than 9.0.0.206(C432E4R1P11)affected
HuaweiBLA-L29Cearlier than 9.0.0.210(C635E4R1P13)affected
HuaweiBerkeley-AL20earlier than 9.0.0.156(C00E156R2P14T8)affected
HuaweiBerkeley-L09earlier than 8.0.0.172(C432)affected
HuaweiBerkeley-L09earlier than 8.0.0.173(C636)affected
HuaweiEmily-L29Cearlier than 9.0.0.159(C185E2R1P12T8)affected
HuaweiEmily-L29Cearlier than 9.0.0.159(C461E2R1P11T8)affected
HuaweiEmily-L29Cearlier than 9.0.0.160(C432E7R1P11T8)affected
HuaweiEmily-L29Cearlier than 9.0.0.165(C605E2R1P12)affected
HuaweiEmily-L29Cearlier than 9.0.0.168(C636E7R1P13T8)affected
HuaweiEmily-L29Cearlier than 9.0.0.168(C782E3R1P11T8)affected
HuaweiEmily-L29Cearlier than 9.0.0.196(C635E2R1P11T8)affected
HuaweiFigo-L03earlier than 9.1.0.130(C605E6R1P5T8)affected
HuaweiFigo-L21earlier than 9.1.0.130(C185E6R1P5T8)affected
HuaweiFigo-L21earlier than 9.1.0.130(C635E6R1P5T8)affected
HuaweiFigo-L23earlier than 9.1.0.130(C605E6R1P5T8)affected
HuaweiFigo-L31earlier than 9.1.0.130(C432E8R1P5T8)affected
HuaweiFlorida-L03earlier than 9.1.0.121(C605E5R1P1T8)affected
HuaweiFlorida-L21earlier than 8.0.0.129(C605)affected
HuaweiFlorida-L21earlier than 8.0.0.131(C432)affected
HuaweiFlorida-L21earlier than 8.0.0.132(C185)affected
HuaweiFlorida-L22earlier than 8.0.0.132(C636)affected
HuaweiFlorida-L23earlier than 8.0.0.144(C605)affected
HuaweiHUAWEI P smartearlier than 9.1.0.130(C185E6R1P5T8)affected
HuaweiHUAWEI P smartearlier than 9.1.0.130(C605E6R1P5T8)affected
HuaweiHUAWEI P smart,HUAWEI Y7searlier than 9.1.0.124(C636E6R1P5T8)affected
HuaweiHUAWEI P20 liteearlier than 8.0.0.148(C635)affected
HuaweiHUAWEI P20 liteearlier than 8.0.0.155(C185)affected
HuaweiHUAWEI P20 liteearlier than 8.0.0.155(C605)affected
HuaweiHUAWEI P20 liteearlier than 8.0.0.156(C605)affected
HuaweiHUAWEI P20 liteearlier than 8.0.0.157(C432)affected
HuaweiHUAWEI nova 3e,HUAWEI P20 liteearlier than 8.0.0.147(C461)affected
HuaweiHUAWEI nova 3e,HUAWEI P20 liteearlier than 8.0.0.148(ZAFC185)affected
HuaweiHUAWEI nova 3e,HUAWEI P20 liteearlier than 8.0.0.160(C185)affected
HuaweiHUAWEI nova 3e,HUAWEI P20 liteearlier than 8.0.0.160(C605)affected
HuaweiHUAWEI nova 3e,HUAWEI P20 liteearlier than 8.0.0.168(C432)affected
HuaweiHUAWEI nova 3e,HUAWEI P20 liteearlier than 8.0.0.172(C636)affected
HuaweiHonor View 10earlier than 9.0.0.202(C567E6R1P12T8)affected
HuaweiLeland-AL00Aearlier than 8.0.0.182(C00)affected
HuaweiLeland-L21Aearlier than 8.0.0.135(C185)affected
HuaweiLeland-L21Aearlier than 9.1.0.118(C636E4R1P1T8)affected
HuaweiLeland-L22Aearlier than 9.1.0.118(C636E4R1P1T8)affected
HuaweiLeland-L22Cearlier than 9.1.0.118(C636E4R1P1T8)affected
HuaweiLeland-L31Aearlier than 8.0.0.139(C432)affected

Weaknesses

  • FRP Bypass

ADP Enrichment

CVE Program Container

Additional References

References