CVE-2017-2710 - Vulnerability Details - OpenCVE

BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei Subscribe	Beethoven-w09a Subscribe Beethoven-w09a Firmware Subscribe Crr-l09 Subscribe Crr-l09 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2017-11853	BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en
http://www.securityfocus.com/bid/98712

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-22T19:00:00Z

Updated: 2024-09-16T22:46:35.371Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2710

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-11-22T19:29:00.943

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-2710

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Beethoven-W09A, CRR-L09", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions,"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}], "problemTypes": [{"descriptions": [{"description": "FRP Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-23T10:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98712"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-2710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Beethoven-W09A, CRR-L09", "version": {"version_data": [{"version_value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions,"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "FRP Bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98712"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.561Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98712"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-2710", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T22:46:35.371Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*", "matchCriteriaId": "929EB58C-7E30-47A0-A660-EF4532395BF9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*", "matchCriteriaId": "637164D2-0F09-4077-B952-A918CF11D15F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8AC1C1F-10A4-4B2D-A5DB-8A44AF38EC3A", "versionEndExcluding": "btv-w09c100b006custc100d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05FD4EDF-B5C2-4FCE-ADF9-6240571FC754", "versionEndExcluding": "btv-w09c128b003custc128d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E5462AB-7C87-451B-B01C-4BDE9C3AFC73", "versionEndExcluding": "btv-w09c199b002custc199d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C9C3E58-2B26-4AE0-9351-6E9CF55A4412", "versionEndExcluding": "btv-w09c209b005custc209d001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "212B7634-E057-41AE-B24F-8A7C37327698", "versionEndExcluding": "btv-w09c331b002custc331d001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F048E2DD-1138-4A7E-B65F-347F3C46E1C6", "versionEndExcluding": "crr-l09c432b390", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDB7E0B-D284-49CA-8752-5631AD172BD4", "versionEndExcluding": "crr-l09c605b355custc605d003", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}, {"lang": "es", "value": "BTV-W09C229B002CUSTC229D005, BTV-W09C233B029, versiones anteriores a la BTV-W09C100B006CUSTC100D002, anteriores a la BTV-W09C128B003CUSTC128D002, anteriores a la BTV-W09C199B002CUSTC199D002, anteriores a la BTV-W09C209B005CUSTC209D001, anteriores a la BTV-W09C331B002CUSTC331D001, anteriores a la CRR-L09C432B390 y las versiones anteriores a la CRR-L09C605B355CUSTC605D003 tienen una vulnerabilidad de segurida de omisi\u00f3n de Factory Reset Protection (FRP). Al reconfigurar el tel\u00e9fono m\u00f3vil empleando la funci\u00f3n factory reset protection (FRP), un atacante puede realizar algunas operaciones para actualizar la cuenta de Google. Como resultado, se omite la funci\u00f3n FRP."}], "id": "CVE-2017-2710", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:00.943", "references": [{"source": "psirt@huawei.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98712"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}