← back
CVE-2018-7928

CVE-2018-7928

EPSS 0.3%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Oct 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.
Affected products
Huawei Technologies Co., Ltd. · MyCloud

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en