Lucene search

[email protected]NVD:CVE-2017-8173

HistoryNov 22, 2017 - 7:29 p.m.

CVE-2017-8173

2017-11-2219:29:04

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Affected configurations

Nvd

Node

huaweimaya-l02_firmwareRange<maya-l02c636b126

AND

huaweimaya-l02Match-

Node

huaweivky-l09_firmwareRange<vky-l29c10b151

AND

huaweivky-l09Match-

Node

huaweivky-l29_firmwareRange<vtr-l29c10b151

AND

huaweivky-l29Match-

Node

huaweivicky-al00a_firmwareRange<vicky-al00ac00b162

AND

huaweivicky-al00aMatch-

Node

huaweivictoria-al00a_firmwareRange<victoria-al00ac00b167

AND

huaweivictoria-al00aMatch-

Node

huaweiwarsaw-al00_firmwareRange<warsaw-al00c00b200

AND

huaweiwarsaw-al00Match-

VendorProductVersionCPE
huaweimaya-l02_firmware*cpe:2.3:o:huawei:maya-l02_firmware:*:*:*:*:*:*:*:*
huaweimaya-l02-cpe:2.3:h:huawei:maya-l02:-:*:*:*:*:*:*:*
huaweivky-l09_firmware*cpe:2.3:o:huawei:vky-l09_firmware:*:*:*:*:*:*:*:*
huaweivky-l09-cpe:2.3:h:huawei:vky-l09:-:*:*:*:*:*:*:*
huaweivky-l29_firmware*cpe:2.3:o:huawei:vky-l29_firmware:*:*:*:*:*:*:*:*
huaweivky-l29-cpe:2.3:h:huawei:vky-l29:-:*:*:*:*:*:*:*
huaweivicky-al00a_firmware*cpe:2.3:o:huawei:vicky-al00a_firmware:*:*:*:*:*:*:*:*
huaweivicky-al00a-cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*
huaweivictoria-al00a_firmware*cpe:2.3:o:huawei:victoria-al00a_firmware:*:*:*:*:*:*:*:*
huaweivictoria-al00a-cpe:2.3:h:huawei:victoria-al00a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	maya-l02_firmware	*	cpe:2.3:o:huawei:maya-l02_firmware::::::::
huawei	maya-l02	-	cpe:2.3:h:huawei:maya-l02:-:::::::*
huawei	vky-l09_firmware	*	cpe:2.3:o:huawei:vky-l09_firmware::::::::
huawei	vky-l09	-	cpe:2.3:h:huawei:vky-l09:-:::::::*
huawei	vky-l29_firmware	*	cpe:2.3:o:huawei:vky-l29_firmware::::::::
huawei	vky-l29	-	cpe:2.3:h:huawei:vky-l29:-:::::::*
huawei	vicky-al00a_firmware	*	cpe:2.3:o:huawei:vicky-al00a_firmware::::::::
huawei	vicky-al00a	-	cpe:2.3:h:huawei:vicky-al00a:-:::::::*
huawei	victoria-al00a_firmware	*	cpe:2.3:o:huawei:victoria-al00a_firmware::::::::
huawei	victoria-al00a	-	cpe:2.3:h:huawei:victoria-al00a:-:::::::*

Rows per page:

1-10 of 121

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170715-01-frpbypass-en

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

Related for NVD:CVE-2017-8173

huawei1 prion1 cve1 cvelist1