Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user’s smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.
emily-al00a
CVE-2018-7947
Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones.
CVE-2018-7961
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak.
CVE-2018-7925
The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability.
CVE-2019-5282
Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution.