CVE-2018-7944
CVE-2018-7944 is a medium-severity vulnerability in Huawei Emily-al00a Firmware with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 6.8)
- CVSS v2: 7.2
- EPSS exploit prediction: 0% (22nd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Huawei Emily-al00a Firmware
- Published:
- Last modified:
Description
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.
Frequently asked questions
- What is CVE-2018-7944?
- Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.
- How severe is CVE-2018-7944?
- CVE-2018-7944 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2018-7944 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (22nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-7944?
- CVE-2018-7944 primarily affects Huawei Emily-al00a Firmware. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2018-7944?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-7944 published?
- CVE-2018-7944 was published on 2018-07-05 and last updated on 2026-06-17.
References
Affected products (2)
- cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.106\(sp2c00\):*:*:*:*:*:*:*
- cpe:2.3:o:huawei:emily-al00a_firmware:8.1.0.107\(sp5c00\):*:*:*:*:*:*:*
More vulnerabilities in Huawei Emily-al00a Firmware
- CVE-2019-5282 — High (CVSS 7.8): Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions…
- CVE-2018-7925 — Medium (CVSS 6.8): The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass…
- CVE-2018-7961 — Medium (CVSS 6.5): There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to…
- CVE-2019-5235 — Medium (CVSS 5.3): Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends…
- CVE-2018-7911 — Medium (CVSS 4.6): Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00),…
- CVE-2018-7947 — Low (CVSS 3.9): Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass…