CVE-2017-2710 - Vulnerability Details - OpenCVE

Description

BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Published: 2017-11-22

Score: 4.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Huawei Technologies Co., Ltd.

Beethoven-W09A, CRR-L09

affected

Version	Status	Constraints
`BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions,`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2017-11853	BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en
http://www.securityfocus.com/bid/98712

History

No history.

Subscriptions

Huawei Beethoven-w09a Beethoven-w09a Firmware Crr-l09 Crr-l09 Firmware

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-11-22T19:00:00.000Z

Updated: 2024-09-16T22:46:35.371Z

Reserved: 2016-12-01T00:00:00.000Z

Link: CVE-2017-2710

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-22T19:29:00.943

Modified: 2026-05-13T00:24:29.033

Link: CVE-2017-2710

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Beethoven-W09A, CRR-L09", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions,"}]}], "datePublic": "2017-11-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}], "problemTypes": [{"descriptions": [{"description": "FRP Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-23T10:57:01.000Z", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98712"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-2710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Beethoven-W09A, CRR-L09", "version": {"version_data": [{"version_value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions,"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "FRP Bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98712"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.561Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"name": "98712", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98712"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-2710", "datePublished": "2017-11-22T19:00:00.000Z", "dateReserved": "2016-12-01T00:00:00.000Z", "dateUpdated": "2024-09-16T22:46:35.371Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c229b002custc229d005:*:*:*:*:*:*:*", "matchCriteriaId": "929EB58C-7E30-47A0-A660-EF4532395BF9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:btv-w09c233b029:*:*:*:*:*:*:*", "matchCriteriaId": "637164D2-0F09-4077-B952-A918CF11D15F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8AC1C1F-10A4-4B2D-A5DB-8A44AF38EC3A", "versionEndExcluding": "btv-w09c100b006custc100d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05FD4EDF-B5C2-4FCE-ADF9-6240571FC754", "versionEndExcluding": "btv-w09c128b003custc128d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E5462AB-7C87-451B-B01C-4BDE9C3AFC73", "versionEndExcluding": "btv-w09c199b002custc199d002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C9C3E58-2B26-4AE0-9351-6E9CF55A4412", "versionEndExcluding": "btv-w09c209b005custc209d001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:beethoven-w09a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "212B7634-E057-41AE-B24F-8A7C37327698", "versionEndExcluding": "btv-w09c331b002custc331d001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:beethoven-w09a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C3359-8792-48EF-BF72-540A65B5A535", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F048E2DD-1138-4A7E-B65F-347F3C46E1C6", "versionEndExcluding": "crr-l09c432b390", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:crr-l09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDB7E0B-D284-49CA-8752-5631AD172BD4", "versionEndExcluding": "crr-l09c605b355custc605d003", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:crr-l09:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA595177-C2DC-4573-BE82-A4626E308F3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed."}, {"lang": "es", "value": "BTV-W09C229B002CUSTC229D005, BTV-W09C233B029, versiones anteriores a la BTV-W09C100B006CUSTC100D002, anteriores a la BTV-W09C128B003CUSTC128D002, anteriores a la BTV-W09C199B002CUSTC199D002, anteriores a la BTV-W09C209B005CUSTC209D001, anteriores a la BTV-W09C331B002CUSTC331D001, anteriores a la CRR-L09C432B390 y las versiones anteriores a la CRR-L09C605B355CUSTC605D003 tienen una vulnerabilidad de segurida de omisi\u00f3n de Factory Reset Protection (FRP). Al reconfigurar el tel\u00e9fono m\u00f3vil empleando la funci\u00f3n factory reset protection (FRP), un atacante puede realizar algunas operaciones para actualizar la cuenta de Google. Como resultado, se omite la funci\u00f3n FRP."}], "id": "CVE-2017-2710", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:00.943", "references": [{"source": "psirt@huawei.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98712"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}