Description
BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.
Affected Software
Related
{"id": "CVE-2017-2710", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2017-2710", "description": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.", "published": "2017-11-22T19:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2710", "reporter": "psirt@huawei.com", "references": ["http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", "http://www.securityfocus.com/bid/98712"], "cvelist": ["CVE-2017-2710"], "immutableFields": [], "lastseen": "2022-03-23T15:58:08", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "huawei", "idList": ["HUAWEI-SA-20170524-01-FRP"]}], "rev": 4}, "score": {"value": 4.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "huawei", "idList": ["HUAWEI-SA-20170524-01-FRP"]}]}, "exploitation": null, "vulnersScore": 4.8}, "_state": {"dependencies": 1659842931, "score": 1659788215, "affected_software_major_version": 1671571965}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:huawei:beethoven-w09a_firmware:btv-w09c233b029", "cpe:/o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005"], "cpe23": ["cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "huawei:beethoven-w09a_firmware", "version": "btv-w09c229b002custc229d005", "operator": "eq", "name": "huawei beethoven-w09a firmware"}, {"cpeName": "huawei:beethoven-w09a_firmware", "version": "btv-w09c233b029", "operator": "eq", "name": "huawei beethoven-w09a firmware"}, {"cpeName": "huawei:beethoven-w09a_firmware", "version": "btv-w09c100b006custc100d002", "operator": "lt", "name": "huawei beethoven-w09a firmware"}, {"cpeName": "huawei:beethoven-w09a_firmware", "version": "btv-w09c128b003custc128d002", "operator": "lt", "name": "huawei beethoven-w09a firmware"}, {"cpeName": "huawei:beethoven-w09a_firmware", "version": "btv-w09c199b002custc199d002", "operator": "lt", "name": "huawei beethoven-w09a firmware"}, {"cpeName": "huawei:beethoven-w09a_firmware", "version": "btv-w09c209b005custc209d001", "operator": "lt", "name": "huawei beethoven-w09a firmware"}, {"cpeName": "huawei:beethoven-w09a_firmware", "version": "btv-w09c331b002custc331d001", "operator": "lt", "name": "huawei beethoven-w09a firmware"}, {"cpeName": "huawei:crr-l09_firmware", "version": "crr-l09c432b390", "operator": "lt", "name": "huawei crr-l09 firmware"}, {"cpeName": "huawei:crr-l09_firmware", "version": "crr-l09c605b355custc605d003", "operator": "lt", "name": "huawei crr-l09 firmware"}], "affectedConfiguration": [{"name": "huawei beethoven-w09a", "cpeName": "huawei:beethoven-w09a", "version": "-", "operator": "eq"}, {"name": "huawei crr-l09", "cpeName": "huawei:crr-l09", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c100b006custc100d002:*:*:*:*:*:*:*", "versionEndExcluding": "btv-w09c100b006custc100d002", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c128b003custc128d002:*:*:*:*:*:*:*", "versionEndExcluding": "btv-w09c128b003custc128d002", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c199b002custc199d002:*:*:*:*:*:*:*", "versionEndExcluding": "btv-w09c199b002custc199d002", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c209b005custc209d001:*:*:*:*:*:*:*", "versionEndExcluding": "btv-w09c209b005custc209d001", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c331b002custc331d001:*:*:*:*:*:*:*", "versionEndExcluding": "btv-w09c331b002custc331d001", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:crr-l09_firmware:crr-l09c432b390:*:*:*:*:*:*:*", "versionEndExcluding": "crr-l09c432b390", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:huawei:crr-l09_firmware:crr-l09c605b355custc605d003:*:*:*:*:*:*:*", "versionEndExcluding": "crr-l09c605b355custc605d003", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", "refsource": "CONFIRM", "tags": ["Issue Tracking", "Vendor Advisory"]}, {"url": "http://www.securityfocus.com/bid/98712", "name": "98712", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"]}]}
{"huawei": [{"lastseen": "2021-12-30T12:27:21", "description": "There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2017-02036)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2710.\n\nHuawei has released software updates to fix this vulnerability. This advisory is available at the following link:\n\n[http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en>)\n", "edition": 1, "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 4.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-24T00:00:00", "type": "huawei", "title": "Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2710"], "modified": "2017-05-24T00:00:00", "id": "HUAWEI-SA-20170524-01-FRP", "href": "https://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170524-01-frp-en", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}]}
CVE-2017-2710
