FKIE_CVE-2017-2710

Vulnerability from fkie_nvd - Published: 2017-11-22 19:29 - Updated: 2025-04-20 01:37
Severity ?
4.6 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.
References
psirt@huawei.comhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-enIssue Tracking, Vendor Advisory
psirt@huawei.comhttp://www.securityfocus.com/bid/98712Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-enIssue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98712Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
huawei beethoven-w09a_firmware btv-w09c229b002custc229d005
huawei beethoven-w09a -
huawei beethoven-w09a_firmware btv-w09c233b029
huawei beethoven-w09a -
huawei beethoven-w09a_firmware *
huawei beethoven-w09a -
huawei beethoven-w09a_firmware *
huawei beethoven-w09a -
huawei beethoven-w09a_firmware *
huawei beethoven-w09a -
huawei beethoven-w09a_firmware *
huawei beethoven-w09a -
huawei beethoven-w09a_firmware *
huawei beethoven-w09a -
huawei crr-l09_firmware *
huawei crr-l09 -
huawei crr-l09_firmware *
huawei crr-l09 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*",
              "matchCriteriaId": "929EB58C-7E30-47A0-A660-EF4532395BF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*",
              "matchCriteriaId": "637164D2-0F09-4077-B952-A918CF11D15F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8AC1C1F-10A4-4B2D-A5DB-8A44AF38EC3A",
              "versionEndExcluding": "btv-w09c100b006custc100d002",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05FD4EDF-B5C2-4FCE-ADF9-6240571FC754",
              "versionEndExcluding": "btv-w09c128b003custc128d002",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5462AB-7C87-451B-B01C-4BDE9C3AFC73",
              "versionEndExcluding": "btv-w09c199b002custc199d002",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C9C3E58-2B26-4AE0-9351-6E9CF55A4412",
              "versionEndExcluding": "btv-w09c209b005custc209d001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "212B7634-E057-41AE-B24F-8A7C37327698",
              "versionEndExcluding": "btv-w09c331b002custc331d001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F048E2DD-1138-4A7E-B65F-347F3C46E1C6",
              "versionEndExcluding": "crr-l09c432b390",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDB7E0B-D284-49CA-8752-5631AD172BD4",
              "versionEndExcluding": "crr-l09c605b355custc605d003",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."
    },
    {
      "lang": "es",
      "value": "BTV-W09C229B002CUSTC229D005, BTV-W09C233B029, versiones anteriores a la BTV-W09C100B006CUSTC100D002, anteriores a la BTV-W09C128B003CUSTC128D002, anteriores a la BTV-W09C199B002CUSTC199D002, anteriores a la BTV-W09C209B005CUSTC209D001, anteriores a la BTV-W09C331B002CUSTC331D001, anteriores a la CRR-L09C432B390 y las versiones anteriores a la CRR-L09C605B355CUSTC605D003 tienen una vulnerabilidad de segurida de omisi\u00f3n de Factory Reset Protection (FRP). Al reconfigurar el tel\u00e9fono m\u00f3vil empleando la funci\u00f3n factory reset protection (FRP), un atacante puede realizar algunas operaciones para actualizar la cuenta de Google. Como resultado, se omite la funci\u00f3n FRP."
    }
  ],
  "id": "CVE-2017-2710",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T19:29:00.943",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98712"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.