{"api_version":"1","generated_at":"2026-04-23T06:19:21+00:00","cve":"CVE-2019-5297","urls":{"html":"https://cve.report/CVE-2019-5297","api":"https://cve.report/api/cve/CVE-2019-5297.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-5297","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-5297"},"summary":{"title":"CVE-2019-5297","description":"Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2019-06-04 19:29:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-5297","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5297","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"5297","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"emily-l29c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5297","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"emily-l29c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5297","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"emily-l29c_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5297","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"emily-l29c_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-5297","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Huawei","product":{"product_data":[{"product_name":"Emily-L29C","version":{"version_data":[{"version_value":"Version Earlier Than 9.0.0.159(C185E2R1P12T8)"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"FRP bypass"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en","url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190305-01-frp-en"}]},"description":{"description_data":[{"lang":"eng","value":"Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone."}]}},"nvd":{"publishedDate":"2019-06-04 19:29:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":4.6,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.0.159","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"5297","Ordinal":"142913","Title":"CVE-2019-5297","CVE":"CVE-2019-5297","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"5297","Ordinal":"1","NoteData":"Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"5297","Ordinal":"2","NoteData":"2019-06-04","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"5297","Ordinal":"3","NoteData":"2019-06-04","Type":"Other","Title":"Modified"}]}}}