CVE-2017-8152
MEDIUM
4,6
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM
4,9
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: complete
Availability: none
Description
AI Translation Available
Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0003
Percentile
0,1th
Updated
EPSS Score Trend (Last 91 Days)
358
Improperly Implemented Security Check for Standard
DraftCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
Operating System
Honor 5S Firmware by Huawei
Version Range Affected
To
tag-tl00c01b173
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:honor_5s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartp…
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-02-smartp…