CVE-2019-19412

moderate-risk

Published 2020-06-08

Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.6/10 Medium

PHYSICAL / LOW complexity

Affected Products (20)

Alp-Al00B Firmware

Alp-L09 Firmware

Alp-L29 Firmware

Anne-Al00 Firmware

Bla-Al00B Firmware

Bla-L09C Firmware

Bla-L29C Firmware

Berkeley-Al20 Firmware

Berkeley-L09 Firmware

Emily-L29C Firmware

Figo-L03 Firmware

Figo-L21 Firmware

Figo-L23 Firmware

Figo-L31 Firmware

Florida-L03 Firmware

Florida-L21 Firmware

Florida-L22 Firmware

Florida-L23 Firmware

P Smart Firmware

Y7S Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en

/ 100

moderate-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 22/34 · High