Lucene search

Huawei TechnologiesHUAWEI-SA-20170920-01-FRPBYPASS

HistorySep 20, 2017 - 12:00 a.m.

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

2017-09-2000:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.3%

JSON

There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2017-07117)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2721.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-frpbypass-en

Affected configurations

Vulners

Node

huaweiberlin-l21Matchberlin-l21c10b130

huaweiberlin-l21Matchberlin-l21c185b133

huaweiberlin-l21hnMatchberlin-l21hnc10b131

huaweiberlin-l21hnMatchberlin-l21hnc185b140

huaweiberlin-l21hnMatchberlin-l21hnc432b151

huaweiberlin-l22Matchberlin-l22c636b160

huaweiberlin-l22hnMatchberlin-l22hnc636b130

huaweiberlin-l22hnMatchberlin-l22hnc675b150custc675d001

huaweiberlin-l23Matchberlin-l23c605b131

huaweiberlin-l24hnMatchberlin-l24hnc567b110

huaweifrd-l02Matchfrd-l02c432b120

huaweifrd-l02Matchfrd-l02c635b130

huaweifrd-l02Matchfrd-l02c675b170custc675d001

huaweifrd-l04Matchfrd-l04c567b162

huaweifrd-l04Matchfrd-l04c605b131

huaweifrd-l09Matchfrd-l09c10b130

huaweifrd-l09Matchfrd-l09c185b130

huaweifrd-l09Matchfrd-l09c432b131

huaweifrd-l09Matchfrd-l09c636b130

huaweifrd-l14Matchfrd-l14c567b162

huaweifrd-l19Matchfrd-l19c10b130

huaweifrd-l19Matchfrd-l19c432b131

huaweifrd-l19Matchfrd-l19c636b130

CPENameOperatorVersion
berlin-l21eqBerlin-L21C10B130
berlin-l21eqBerlin-L21C185B133
berlin-l21hneqBerlin-L21HNC10B131
berlin-l21hneqBerlin-L21HNC185B140
berlin-l21hneqBerlin-L21HNC432B151
berlin-l22eqBerlin-L22C636B160
berlin-l22hneqBerlin-L22HNC636B130
berlin-l22hneqBerlin-L22HNC675B150CUSTC675D001
berlin-l23eqBerlin-L23C605B131
berlin-l24hneqBerlin-L24HNC567B110

Name	Operator	Version
berlin-l21	eq	Berlin-L21C10B130
berlin-l21	eq	Berlin-L21C185B133
berlin-l21hn	eq	Berlin-L21HNC10B131
berlin-l21hn	eq	Berlin-L21HNC185B140
berlin-l21hn	eq	Berlin-L21HNC432B151
berlin-l22	eq	Berlin-L22C636B160
berlin-l22hn	eq	Berlin-L22HNC636B130
berlin-l22hn	eq	Berlin-L22HNC675B150CUSTC675D001
berlin-l23	eq	Berlin-L23C605B131
berlin-l24hn	eq	Berlin-L24HNC567B110

Rows per page:

1-10 of 231

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for HUAWEI-SA-20170920-01-FRPBYPASS