Lucene search

[email protected]CVE-2019-19412

HistoryJun 08, 2020 - 7:15 p.m.

CVE-2019-19412

2020-06-0819:15:10

[email protected]

web.nvd.nist.gov

huawei

smartphones

security

vulnerability

frp

bypass

mobile

risk

exploit

third-party application

talkback mode

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.

Affected configurations

NVD

Node

huaweialp-al00bMatch-

AND

huaweialp-al00b_firmwareRange<9.0.0.181\(c00e87r2p20t8\)

Node

huaweialp-l09Match-

AND

huaweialp-l09_firmwareRange<9.0.0.201\(c432e4r1p9\)

Node

huaweialp-l29Match-

AND

huaweialp-l29_firmwareRange<9.0.0.177\(c185e2r1p12t8\)

Node

huaweialp-l29Match-

AND

huaweialp-l29_firmwareRange<9.0.0.195\(c636e2r1p12\)

Node

huaweianne-al00Match-

AND

huaweianne-al00_firmwareRange<8.0.0.168\(c00\)

Node

huaweibla-al00bMatch-

AND

huaweibla-al00b_firmwareRange<9.0.0.181\(c00e88r2p15t8\)

Node

huaweibla-l09cMatch-

AND

huaweibla-l09c_firmwareRange<9.0.0.177\(c185e2r1p13t8\)

Node

huaweibla-l09cMatch-

AND

huaweibla-l09c_firmwareRange<9.0.0.206\(c432e4r1p11\)

Node

huaweibla-l29c_firmwareRange<9.0.0.179\(c576e2r1p7t8\)

AND

huaweibla-l29cMatch-

Node

huaweibla-l29c_firmwareRange<9.0.0.194\(c185e2r1p13\)

AND

huaweibla-l29cMatch-

Node

huaweibla-l29c_firmwareRange<9.0.0.206\(c432e4r1p11\)

AND

huaweibla-l29cMatch-

Node

huaweibla-l29c_firmwareRange<9.0.0.210\(c635e4r1p13\)

AND

huaweibla-l29cMatch-

Node

huaweiberkeley-al20_firmwareRange<9.0.0.156\(c00e156r2p14t8\)

AND

huaweiberkeley-al20Match-

Node

huaweiberkeley-l09_firmwareRange<8.0.0.172\(c432\)

AND

huaweiberkeley-l09Match-

Node

huaweiberkeley-l09_firmwareRange<8.0.0.173\(c636\)

AND

huaweiberkeley-l09Match-

Node

huaweiemily-l29c_firmwareRange<9.0.0.159\(c185e2r1p12t8\)

AND

huaweiemily-l29cMatch-

Node

huaweiemily-l29c_firmwareRange<9.0.0.159\(c461e2r1p11t8\)

AND

huaweiemily-l29cMatch-

Node

huaweiemily-l29c_firmwareRange<9.0.0.160\(c432e7r1p11t8\)

AND

huaweiemily-l29cMatch-

Node

huaweiemily-l29c_firmwareRange<9.0.0.165\(c605e2r1p12\)

AND

huaweiemily-l29cMatch-

Node

huaweiemily-l29c_firmwareRange<9.0.0.168\(c636e7r1p13t8\)

AND

huaweiemily-l29cMatch-

Node

huaweiemily-l29c_firmwareRange<9.0.0.168\(c782e3r1p11t8\)

AND

huaweiemily-l29cMatch-

Node

huaweiemily-l29c_firmwareRange<9.0.0.196\(c635e2r1p11t8\)

AND

huaweiemily-l29cMatch-

Node

huaweifigo-l03_firmwareRange<9.1.0.130\(c605e6r1p5t8\)

AND

huaweifigo-l03Match-

Node

huaweifigo-l21_firmwareRange<9.1.0.130\(c185e6r1p5t8\)

AND

huaweifigo-l21Match-

Node

huaweifigo-l21_firmwareRange<9.1.0.130\(c635e6r1p5t8\)

AND

huaweifigo-l21Match-

Node

huaweifigo-l23_firmwareRange<9.1.0.130\(c605e6r1p5t8\)

AND

huaweifigo-l23Match-

Node

huaweifigo-l31_firmwareRange<9.1.0.130\(c432e8r1p5t8\)

AND

huaweifigo-l31Match-

Node

huaweiflorida-l03_firmwareRange<9.1.0.121\(c605e5r1p1t8\)

AND

huaweiflorida-l03Match-

Node

huaweiflorida-l21_firmwareRange<8.0.0.129\(c605\)

AND

huaweiflorida-l21Match-

Node

huaweiflorida-l21_firmwareRange<8.0.0.131\(c432\)

AND

huaweiflorida-l21Match-

Node

huaweiflorida-l21_firmwareRange<8.0.0.132\(c185\)

AND

huaweiflorida-l21Match-

Node

huaweiflorida-l22_firmwareRange<8.0.0.132\(c636\)

AND

huaweiflorida-l22Match-

Node

huaweiflorida-l23_firmwareRange<8.0.0.144\(c605\)

AND

huaweiflorida-l23Match-

Node

huaweip_smart_firmwareRange<9.1.0.130\(c185e6r1p5t8\)

AND

huaweip_smartMatch-

Node

huaweip_smart_firmwareRange<9.1.0.130\(c605e6r1p5t8\)

AND

huaweip_smartMatch-

Node

huaweip_smart_firmwareRange<9.1.0.124\(c636e6r1p5t8\)

AND

huaweip_smartMatch-

Node

huaweiy7s_firmwareRange<9.1.0.124\(c636e6r1p5t8\)

AND

huaweiy7sMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.148\(c635\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.155\(c185\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.155\(c605\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.156\(c605\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.157\(c432\)

AND

huaweip20_liteMatch-

Node

huaweinova_3e_firmwareRange<8.0.0.147\(c461\)

AND

huaweinova_3eMatch-

Node

huaweinova_3e_firmwareRange<8.0.0.148\(zafc185\)

AND

huaweinova_3eMatch-

Node

huaweinova_3e_firmwareRange<8.0.0.160\(c185\)

AND

huaweinova_3eMatch-

Node

huaweinova_3e_firmwareRange<8.0.0.160\(c605\)

AND

huaweinova_3eMatch-

Node

huaweinova_3e_firmwareRange<8.0.0.168\(c432\)

AND

huaweinova_3eMatch-

Node

huaweinova_3e_firmwareRange<8.0.0.172\(c636\)

AND

huaweinova_3eMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.147\(c461\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.148\(zafc185\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.160\(c185\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.160\(c605\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.168\(c432\)

AND

huaweip20_liteMatch-

Node

huaweip20_lite_firmwareRange<8.0.0.172\(c636\)

AND

huaweip20_liteMatch-

Node

huaweihonor_view_10_firmwareRange<9.0.0.202\(c567e6r1p12t8\)

AND

huaweihonor_view_10Match-

Node

huaweileland-al00a_firmwareRange<8.0.0.182\(c00\)

AND

huaweileland-al00aMatch-

Node

huaweileland-l21a_firmwareRange<8.0.0.135\(c185\)

AND

huaweileland-l21aMatch-

Node

huaweileland-l21a_firmwareRange<9.1.0.118\(c636e4r1p1t8\)

AND

huaweileland-l21aMatch-

Node

huaweileland-l22a_firmwareRange<9.1.0.118\(c636e4r1p1t8\)

AND

huaweileland-l22aMatch-

Node

huaweileland-l22c_firmwareRange<9.1.0.118\(c636e4r1p1t8\)

AND

huaweileland-l22cMatch-

Node

huaweileland-l31a_firmwareRange<8.0.0.139\(c432\)

AND

huaweileland-l31aMatch-

CPENameOperatorVersion
huawei:alp-al00b_firmwarehuawei alp-al00b firmwarelt9.0.0.181\(c00e87r2p20t8\)

CPE	Name	Operator	Version
huawei:alp-al00b_firmware	huawei alp-al00b firmware	lt	9.0.0.181\(c00e87r2p20t8\)

CNA Affected

[
  {
    "product": "ALP-AL00B",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.181(C00E87R2P20T8)"
      }
    ]
  },
  {
    "product": "ALP-L09",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.201(C432E4R1P9)"
      }
    ]
  },
  {
    "product": "ALP-L29",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.177(C185E2R1P12T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.195(C636E2R1P12)"
      }
    ]
  },
  {
    "product": "Anne-AL00",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.168(C00)"
      }
    ]
  },
  {
    "product": "BLA-AL00B",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.181(C00E88R2P15T8)"
      }
    ]
  },
  {
    "product": "BLA-L09C",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.177(C185E2R1P13T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.206(C432E4R1P11)"
      }
    ]
  },
  {
    "product": "BLA-L29C",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.179(C576E2R1P7T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.194(C185E2R1P13)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.206(C432E4R1P11)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.210(C635E4R1P13)"
      }
    ]
  },
  {
    "product": "Berkeley-AL20",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.156(C00E156R2P14T8)"
      }
    ]
  },
  {
    "product": "Berkeley-L09",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.172(C432)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.173(C636)"
      }
    ]
  },
  {
    "product": "Emily-L29C",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.159(C185E2R1P12T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.159(C461E2R1P11T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.160(C432E7R1P11T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.165(C605E2R1P12)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.168(C636E7R1P13T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.168(C782E3R1P11T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.0.0.196(C635E2R1P11T8)"
      }
    ]
  },
  {
    "product": "Figo-L03",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.130(C605E6R1P5T8)"
      }
    ]
  },
  {
    "product": "Figo-L21",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.130(C185E6R1P5T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.1.0.130(C635E6R1P5T8)"
      }
    ]
  },
  {
    "product": "Figo-L23",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.130(C605E6R1P5T8)"
      }
    ]
  },
  {
    "product": "Figo-L31",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.130(C432E8R1P5T8)"
      }
    ]
  },
  {
    "product": "Florida-L03",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.121(C605E5R1P1T8)"
      }
    ]
  },
  {
    "product": "Florida-L21",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.129(C605)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.131(C432)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.132(C185)"
      }
    ]
  },
  {
    "product": "Florida-L22",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.132(C636)"
      }
    ]
  },
  {
    "product": "Florida-L23",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.144(C605)"
      }
    ]
  },
  {
    "product": "HUAWEI P smart",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.130(C185E6R1P5T8)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.1.0.130(C605E6R1P5T8)"
      }
    ]
  },
  {
    "product": "HUAWEI P smart,HUAWEI Y7s",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.124(C636E6R1P5T8)"
      }
    ]
  },
  {
    "product": "HUAWEI P20 lite",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.148(C635)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.155(C185)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.155(C605)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.156(C605)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.157(C432)"
      }
    ]
  },
  {
    "product": "HUAWEI nova 3e,HUAWEI P20 lite",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.147(C461)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.148(ZAFC185)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.160(C185)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.160(C605)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.168(C432)"
      },
      {
        "status": "affected",
        "version": "earlier than 8.0.0.172(C636)"
      }
    ]
  },
  {
    "product": "Honor View 10",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.0.0.202(C567E6R1P12T8)"
      }
    ]
  },
  {
    "product": "Leland-AL00A",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.182(C00)"
      }
    ]
  },
  {
    "product": "Leland-L21A",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.135(C185)"
      },
      {
        "status": "affected",
        "version": "earlier than 9.1.0.118(C636E4R1P1T8)"
      }
    ]
  },
  {
    "product": "Leland-L22A",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.118(C636E4R1P1T8)"
      }
    ]
  },
  {
    "product": "Leland-L22C",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 9.1.0.118(C636E4R1P1T8)"
      }
    ]
  },
  {
    "product": "Leland-L31A",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "earlier than 8.0.0.139(C432)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for CVE-2019-19412

nvd1 prion1 cvelist1 huawei1