Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
How to fix
Remediation Available
alp-al00b firmwareNVD
Affected:< 9.0.0.181(c00e87r2p20t8)Fixed in:9.0.0.181(c00e87r2p20t8)CVE-2019-19412derived from NVD
alp-l09 firmwareNVD
Affected:< 9.0.0.201(c432e4r1p9)Fixed in:9.0.0.201(c432e4r1p9)CVE-2019-19412derived from NVD
alp-l29 firmwareNVD
Affected:< 9.0.0.195(c636e2r1p12)Fixed in:9.0.0.195(c636e2r1p12)CVE-2019-19412derived from NVD
anne-al00 firmwareNVD
Affected:< 8.0.0.168(c00)Fixed in:8.0.0.168(c00)CVE-2019-19412derived from NVD
berkeley-al20 firmwareNVD
Affected:< 9.0.0.156(c00e156r2p14t8)Fixed in:9.0.0.156(c00e156r2p14t8)CVE-2019-19412derived from NVD
berkeley-l09 firmwareNVD
Affected:< 8.0.0.173(c636)Fixed in:8.0.0.173(c636)CVE-2019-19412derived from NVD
bla-al00b firmwareNVD
Affected:< 9.0.0.181(c00e88r2p15t8)Fixed in:9.0.0.181(c00e88r2p15t8)CVE-2019-19412derived from NVD
bla-l09c firmwareNVD
Affected:< 9.0.0.206(c432e4r1p11)Fixed in:9.0.0.206(c432e4r1p11)CVE-2019-19412derived from NVD
bla-l29c firmwareNVD
Affected:< 9.0.0.210(c635e4r1p13)Fixed in:9.0.0.210(c635e4r1p13)CVE-2019-19412derived from NVD
emily-l29c firmwareNVD
Affected:< 9.0.0.196(c635e2r1p11t8)Fixed in:9.0.0.196(c635e2r1p11t8)CVE-2019-19412derived from NVD
figo-l03 firmwareNVD
Affected:< 9.1.0.130(c605e6r1p5t8)Fixed in:9.1.0.130(c605e6r1p5t8)CVE-2019-19412derived from NVD
figo-l21 firmwareNVD
Affected:< 9.1.0.130(c635e6r1p5t8)Fixed in:9.1.0.130(c635e6r1p5t8)CVE-2019-19412derived from NVD
figo-l23 firmwareNVD
Affected:< 9.1.0.130(c605e6r1p5t8)Fixed in:9.1.0.130(c605e6r1p5t8)CVE-2019-19412derived from NVD
figo-l31 firmwareNVD
Affected:< 9.1.0.130(c432e8r1p5t8)Fixed in:9.1.0.130(c432e8r1p5t8)CVE-2019-19412derived from NVD
florida-l03 firmwareNVD
Affected:< 9.1.0.121(c605e5r1p1t8)Fixed in:9.1.0.121(c605e5r1p1t8)CVE-2019-19412derived from NVD
florida-l21 firmwareNVD
Affected:< 8.0.0.132(c185)Fixed in:8.0.0.132(c185)CVE-2019-19412derived from NVD
florida-l22 firmwareNVD
Affected:< 8.0.0.132(c636)Fixed in:8.0.0.132(c636)CVE-2019-19412derived from NVD
florida-l23 firmwareNVD
Affected:< 8.0.0.144(c605)Fixed in:8.0.0.144(c605)CVE-2019-19412derived from NVD
honor view 10 firmwareNVD
Affected:< 9.0.0.202(c567e6r1p12t8)Fixed in:9.0.0.202(c567e6r1p12t8)CVE-2019-19412derived from NVD
leland-al00a firmwareNVD
Affected:< 8.0.0.182(c00)Fixed in:8.0.0.182(c00)CVE-2019-19412derived from NVD
leland-l21a firmwareNVD
Affected:< 9.1.0.118(c636e4r1p1t8)Fixed in:9.1.0.118(c636e4r1p1t8)CVE-2019-19412derived from NVD
leland-l22a firmwareNVD
Affected:< 9.1.0.118(c636e4r1p1t8)Fixed in:9.1.0.118(c636e4r1p1t8)CVE-2019-19412derived from NVD
leland-l22c firmwareNVD
Affected:< 9.1.0.118(c636e4r1p1t8)Fixed in:9.1.0.118(c636e4r1p1t8)CVE-2019-19412derived from NVD
leland-l31a firmwareNVD
Affected:< 8.0.0.139(c432)Fixed in:8.0.0.139(c432)CVE-2019-19412derived from NVD
nova 3e firmwareNVD
Affected:< 8.0.0.172(c636)Fixed in:8.0.0.172(c636)CVE-2019-19412derived from NVD
p20 lite firmwareNVD
Affected:< 8.0.0.172(c636)Fixed in:8.0.0.172(c636)CVE-2019-19412derived from NVD
p smart firmwareNVD
Affected:< 9.1.0.124(c636e6r1p5t8)Fixed in:9.1.0.124(c636e6r1p5t8)CVE-2019-19412derived from NVD
y7s firmwareNVD
Affected:< 9.1.0.124(c636e6r1p5t8)Fixed in:9.1.0.124(c636e6r1p5t8)CVE-2019-19412derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityHigh
AvailabilityNone
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploit Intelligence
0.21%probability of exploitation in 30 days
12thpercentile
Low risk: more likely to be exploited than 12% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.