CVE-2017-2721

EPSS 0.02%
Published 22.11.2017 19:29:01
Last modified 20.04.2025 01:37:25
Source psirt@huawei.com
Teams watchlist Login
Open Login

Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Berlin-l21 Firmware Versionberlin-l21c10b130

Huawei ≫ Berlin-l21 Version-

Huawei ≫ Berlin-l21 Firmware Versionberlin-l21c185b133

Huawei ≫ Berlin-l21 Version-

Huawei ≫ Berlin-l21hn Firmware Versionberlin-l21hnc10b131

Huawei ≫ Berlin-l21hn Version-

Huawei ≫ Berlin-l21hn Firmware Versionberlin-l21hnc185b140

Huawei ≫ Berlin-l21hn Version-

Huawei ≫ Berlin-l21hn Firmware Versionberlin-l21hnc432b151

Huawei ≫ Berlin-l21hn Version-

Huawei ≫ Berlin-l22 Firmware Versionberlin-l22c636b160

Huawei ≫ Berlin-l22 Version-

Huawei ≫ Berlin-l22hn Firmware Versionberlin-l22hnc636b130

Huawei ≫ Berlin-l22hn Version-

Huawei ≫ Berlin-l22hn Firmware Versionberlin-l22hnc675b150custc675d001

Huawei ≫ Berlin-l22hn Version-

Huawei ≫ Berlin-l23 Firmware Versionberlin-l23c605b131

Huawei ≫ Berlin-l23 Version-

Huawei ≫ Berlin-l24hn Firmware Versionberlin-l24hnc567b110

Huawei ≫ Berlin-l24hn Version-

Huawei ≫ Frd-l02 Firmware Versionfrd-l02c432b120

Huawei ≫ Frd-l02 Version-

Huawei ≫ Frd-l02 Firmware Versionfrd-l02c635b130

Huawei ≫ Frd-l02 Version-

Huawei ≫ Frd-l02 Firmware Versionfrd-l02c675b170custc675d001

Huawei ≫ Frd-l02 Version-

Huawei ≫ Frd-l04 Firmware Versionfrd-l04c567b162

Huawei ≫ Frd-l04 Version-

Huawei ≫ Frd-l04 Firmware Versionfrd-l04c605b131

Huawei ≫ Frd-l04 Version-

Huawei ≫ Frd-l09 Firmware Versionfrd-l09c10b130

Huawei ≫ Frd-l09 Version-

Huawei ≫ Frd-l09 Firmware Versionfrd-l09c185b130

Huawei ≫ Frd-l09 Version-

Huawei ≫ Frd-l09 Firmware Versionfrd-l09c432b131

Huawei ≫ Frd-l09 Version-

Huawei ≫ Frd-l09 Firmware Versionfrd-l09c636b130

Huawei ≫ Frd-l09 Version-

Huawei ≫ Frd-l14 Firmware Versionfrd-l14c567b162

Huawei ≫ Frd-l14 Version-

Huawei ≫ Frd-l19 Firmware Versionfrd-l19c10b130

Huawei ≫ Frd-l19 Version-

Huawei ≫ Frd-l19 Firmware Versionfrd-l19c432b131

Huawei ≫ Frd-l19 Version-

Huawei ≫ Frd-l19 Firmware Versionfrd-l19c636b130

Huawei ≫ Frd-l19 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-frpbypass-en

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-2721

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2721

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2721

EUVD