CVE-2017-2710 - Vulnerability Details - OpenCVE

BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Beethoven-w09a Beethoven-w09a Firmware Crr-l09 Crr-l09 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en
http://www.securityfocus.com/bid/98712

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-22T19:00:00Z

Updated: 2024-09-16T22:46:35.371Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2710

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-22T19:29:00.943

Modified: 2024-11-21T03:24:01.760

Link: CVE-2017-2710

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Beethoven-W09A, CRR-L09", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions,"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}], "problemTypes": [{"descriptions": [{"description": "FRP Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-23T10:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98712"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-2710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Beethoven-W09A, CRR-L09", "version": {"version_data": [{"version_value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions,"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "FRP Bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98712"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.561Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98712"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-2710", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T22:46:35.371Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*", "matchCriteriaId": "929EB58C-7E30-47A0-A660-EF4532395BF9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*", "matchCriteriaId": "637164D2-0F09-4077-B952-A918CF11D15F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8AC1C1F-10A4-4B2D-A5DB-8A44AF38EC3A", "versionEndExcluding": "btv-w09c100b006custc100d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05FD4EDF-B5C2-4FCE-ADF9-6240571FC754", "versionEndExcluding": "btv-w09c128b003custc128d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E5462AB-7C87-451B-B01C-4BDE9C3AFC73", "versionEndExcluding": "btv-w09c199b002custc199d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C9C3E58-2B26-4AE0-9351-6E9CF55A4412", "versionEndExcluding": "btv-w09c209b005custc209d001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "212B7634-E057-41AE-B24F-8A7C37327698", "versionEndExcluding": "btv-w09c331b002custc331d001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F048E2DD-1138-4A7E-B65F-347F3C46E1C6", "versionEndExcluding": "crr-l09c432b390", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDB7E0B-D284-49CA-8752-5631AD172BD4", "versionEndExcluding": "crr-l09c605b355custc605d003", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}, {"lang": "es", "value": "BTV-W09C229B002CUSTC229D005, BTV-W09C233B029, versiones anteriores a la BTV-W09C100B006CUSTC100D002, anteriores a la BTV-W09C128B003CUSTC128D002, anteriores a la BTV-W09C199B002CUSTC199D002, anteriores a la BTV-W09C209B005CUSTC209D001, anteriores a la BTV-W09C331B002CUSTC331D001, anteriores a la CRR-L09C432B390 y las versiones anteriores a la CRR-L09C605B355CUSTC605D003 tienen una vulnerabilidad de segurida de omisi\u00f3n de Factory Reset Protection (FRP). Al reconfigurar el tel\u00e9fono m\u00f3vil empleando la funci\u00f3n factory reset protection (FRP), un atacante puede realizar algunas operaciones para actualizar la cuenta de Google. Como resultado, se omite la funci\u00f3n FRP."}], "id": "CVE-2017-2710", "lastModified": "2024-11-21T03:24:01.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:00.943", "references": [{"source": "psirt@huawei.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98712"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}