CVE-2017-8161
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/11/2017
Last modified:
20/04/2025
Description
EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
Impact
Base Score 3.x
4.60
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:huawei:eva-l09:*:*:*:*:*:*:*:* | eva-l09c25b150custc25d003 (excluding) | |
| cpe:2.3:h:huawei:eva-l09:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:eva-l09:*:*:*:*:*:*:*:* | eva-l09c440b140 (excluding) | |
| cpe:2.3:h:huawei:eva-l09:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:eva-l09:*:*:*:*:*:*:*:* | eva-l09c464b361 (excluding) | |
| cpe:2.3:h:huawei:eva-l09:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:huawei:eva-l09:*:*:*:*:*:*:*:* | l09c675b320custc675d004 (excluding) | |
| cpe:2.3:h:huawei:eva-l09:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page