CVE-2019-5220
Description
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insufficient permission verification in the setup wizard of Mate 20 X, Mate 20, and Honor Magic 2 allows an attacker with physical access to bypass Factory Reset Protection.
Vulnerability
A Factory Reset Protection (FRP) bypass vulnerability exists in the setup wizard of several Huawei and Honor smartphones. The system does not sufficiently verify the permission during certain operations in the setup wizard, allowing an attacker to bypass FRP. Affected products and versions: Mate 20 X (versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1)), Mate 20 (versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1)), and Honor Magic 2 (versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2)). [1]
Exploitation
An attacker requires physical access to the device and must be able to interact with the setup wizard. By performing a certain operation on a certain step of the setup wizard, the attacker can exploit the insufficient permission verification to bypass the FRP protection. The exact operation and step are not disclosed in the available references. [1]
Impact
A successful exploit allows the attacker to bypass the Factory Reset Protection (FRP) on the device. This enables unauthorized access to the device, potentially compromising confidentiality and integrity of user data stored on the phone. [1]
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved versions are: Mate 20 X (Ever-AL00B 9.0.0.200(C00E200R2P1)), Mate 20 (Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1)), and Honor Magic 2 (Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2)). Users should update to these or later versions to mitigate the issue. No workaround is mentioned in the advisory. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- Range: < 9.0.0.182 (C00E180R2P2)
- Huawei/Honor Magic 2v5Range: Versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2)
- Huawei/Mate 20v5Range: Versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1)
- Huawei/Mate 20 Xv5Range: Versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20190626-01-frp-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.