CVE-2017-2710

low-risk
Published 2017-11-22

BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10 Medium
PHYSICAL / LOW complexity

Affected Products (4)

Crr-L09 Firmware
Beethoven-W09A Firmware
Beethoven-W09A Firmware
Beethoven-W09A Firmware

Affected Vendors

Huawei

References (4)

Issue Tracking http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en
Third Party Advisory http://www.securityfocus.com/bid/98712
Issue Tracking http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en
Third Party Advisory http://www.securityfocus.com/bid/98712
26
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 10/34 · Low