CVE-2018-7940
Description
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei Mate 10 and Mate 10 Pro phones before version 8.0.0.129(SP2C00/SP2C01) allow an attacker with physical high privilege to bypass the device activation function.
Vulnerability
The vulnerability exists in Huawei Mate 10 and Mate 10 Pro smart phones running versions earlier than 8.0.0.129(SP2C00) (for Mate 10) and earlier than 8.0.0.129(SP2C01) (for Mate 10 Pro) [1]. It is an authentication bypass flaw that allows an attacker to bypass the device activation function [1]. The attack requires the attacker to have high privilege access to the smart phone physically [1].
Exploitation
An attacker with high privilege (e.g., root access or physical control of the device) can perform specific operations to bypass the activation function [1]. The advisory does not detail the exact sequence of operations required, but the attacker must have physical possession of the phone and elevated privileges to execute the bypass [1].
Impact
Successful exploitation allows the attacker to bypass the phone's activation function [1]. This could potentially enable the attacker to use the device without proper authentication, circumventing security checks such as factory reset protection or device registration [1]. The impact is limited to bypassing activation and does not necessarily grant full device access beyond that [1].
Mitigation
Huawei has released software updates to fix the vulnerability. The resolved versions are ALP-AL00B 8.0.0.129(SP2C00) for HUAWEI Mate 10 and BLA-TL00B 8.0.0.129(SP2C01) for HUAWEI Mate 10 Pro [1]. Users should upgrade to these or later versions. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: < 8.0.0.129(SP2C01)
- Huawei Technologies Co., Ltd./HUAWEI Mate 10, HUAWEI Mate 10 Prov5Range: earlier versions than 8.0.0.129(SP2C00), earlier versions than 8.0.0.129(SP2C01)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-mobile-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.