Lucene search

Huawei TechnologiesHUAWEI-SA-20170524-01-FRP

HistoryMay 24, 2017 - 12:00 a.m.

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

2017-05-2400:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

29.7%

JSON

There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2017-02036)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2710.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en

Affected configurations

Vulners

Node

huaweibeethoven-w09aMatchbtv-w09c229b002custc229d005

huaweibeethoven-w09aMatchbtv-w09c233b029

huaweibeethoven-w09aRange<BTV-W09C100B006CUSTC100D002

huaweibeethoven-w09aRange<BTV-W09C128B003CUSTC128D002

huaweibeethoven-w09aRange<BTV-W09C199B002CUSTC199D002

huaweibeethoven-w09aRange<BTV-W09C209B005CUSTC209D001

huaweibeethoven-w09aRange<BTV-W09C331B002CUSTC331D001

huaweicrr-l09Range<CRR-L09C432B390

huaweicrr-l09Range<CRR-L09C605B355CUSTC605D003

CPENameOperatorVersion
beethoven-w09aeqBTV-W09C229B002CUSTC229D005
beethoven-w09aeqBTV-W09C233B029
beethoven-w09altBTV-W09C100B006CUSTC100D002
beethoven-w09altBTV-W09C128B003CUSTC128D002
beethoven-w09altBTV-W09C199B002CUSTC199D002
beethoven-w09altBTV-W09C209B005CUSTC209D001
beethoven-w09altBTV-W09C331B002CUSTC331D001
crr-l09ltCRR-L09C432B390
crr-l09ltCRR-L09C605B355CUSTC605D003

Name	Operator	Version
beethoven-w09a	eq	BTV-W09C229B002CUSTC229D005
beethoven-w09a	eq	BTV-W09C233B029
beethoven-w09a	lt	BTV-W09C100B006CUSTC100D002
beethoven-w09a	lt	BTV-W09C128B003CUSTC128D002
beethoven-w09a	lt	BTV-W09C199B002CUSTC199D002
beethoven-w09a	lt	BTV-W09C209B005CUSTC209D001
beethoven-w09a	lt	BTV-W09C331B002CUSTC331D001
crr-l09	lt	CRR-L09C432B390
crr-l09	lt	CRR-L09C605B355CUSTC605D003

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for HUAWEI-SA-20170524-01-FRP