CVE-2017-2721

Published Nov 22, 2017

Last updated 5 years ago

CVSS medium 4.6

Overview

Description: Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 4.6
Impact score: 3.6
Exploitability score: 0.9
Vector string: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c10b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D190578-F8E6-42A0-81B4-C33AC051370D"
          },
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l21_firmware:berlin-l21c185b133:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BA23A15-22A5-4424-904F-0D11B865D457"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:berlin-l21:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C723516F-04EB-48E5-9057-7FB1DACB5D28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l21hn_firmware:berlin-l21hnc10b131:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FFE0AB8-C343-49D9-A8FA-62A716054321"
          },
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l21hn_firmware:berlin-l21hnc185b140:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDA9E3BF-4F10-4181-9BA8-1260BCD76771"
          },
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l21hn_firmware:berlin-l21hnc432b151:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35D67B5C-C1BC-4D95-8F14-19A0A6CDB14B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:berlin-l21hn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E2E8FDB9-B279-4D37-BBC3-9625AB5E42DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l22_firmware:berlin-l22c636b160:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD33173D-04F8-42B5-845A-649BE0BC1FE1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:berlin-l22:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8A1D3863-B8D9-4D1B-BA06-C88E65FFF74F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l22hn_firmware:berlin-l22hnc636b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDA42835-4E1B-48EF-A479-AF4C87C8FBEA"
          },
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l22hn_firmware:berlin-l22hnc675b150custc675d001:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F16F024-D188-407C-8EAA-B25748251543"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:berlin-l22hn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0D7CE4AF-0685-4F25-9A81-09D2428C0684"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l23_firmware:berlin-l23c605b131:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D149B33F-FDEE-40C6-BC7E-463F53A443F7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:berlin-l23:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1EA727F8-6B56-43B2-A7A1-D143CB966244"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:berlin-l24hn_firmware:berlin-l24hnc567b110:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D85173B7-8D3A-4FC2-8AFE-A44B708506F3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:berlin-l24hn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BD5F797F-5F22-4B2A-82E5-B26EBAA786AA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:frd-l02_firmware:frd-l02c432b120:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEDE951B-421D-4648-BD77-833E6EA8CBC1"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l02_firmware:frd-l02c635b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F596F50-62B4-4D0F-B794-B416748B00F3"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l02_firmware:frd-l02c675b170custc675d001:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "013058BA-B3A9-4A17-8E6A-9C2898580BA9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:frd-l02:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4523530C-316E-418A-B30B-5D28C25C3D90"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:frd-l04_firmware:frd-l04c567b162:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04516652-36D6-45DB-99F3-B4EF0A3C674E"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l04_firmware:frd-l04c605b131:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD73846E-EF3A-428C-80AE-02B82262D77B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:frd-l04:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6431578F-6072-4B6F-8D7A-58C93CDBB464"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:frd-l09_firmware:frd-l09c10b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1079EED-57FE-4792-A39B-CEC4E624B062"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l09_firmware:frd-l09c185b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89BF9EA6-2420-4008-AC72-A610079AC62D"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l09_firmware:frd-l09c432b131:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B53D2F3-38F8-4F8F-B397-65D14CF164AC"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l09_firmware:frd-l09c636b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C95304A-332E-401B-A40E-111DB80D07F7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:frd-l09:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "467AE133-1883-4E8B-AEB8-AAD5E953B285"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:frd-l14_firmware:frd-l14c567b162:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E22544D7-0E95-4C5F-8C49-EA04DBCAAB91"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:frd-l14:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F1AE8A5-460B-4251-A009-03DCCC8083BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:frd-l19_firmware:frd-l19c10b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63F0F5CA-B8C5-4A60-94F8-2EAE638DDA7B"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l19_firmware:frd-l19c432b131:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FB6E5E2-9FC7-4F02-B4DB-5F393BD92B0D"
          },
          {
            "criteria": "cpe:2.3:o:huawei:frd-l19_firmware:frd-l19c636b130:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80D012FA-499B-4205-B21A-2D6D330D4784"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:frd-l19:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B8AB22BF-628A-4A5F-9813-D7D931E6BD93"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References