Sign-up

ID

VAR-201711-0226


CVE

CVE-2017-2710


TITLE

Beethoven-W09A and CRR-L09 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010805

DESCRIPTION

BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed. Beethoven-W09A and CRR-L09 Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. HuaweiBeethoven-W09A and Huawei CRR-L09 are both Huawei's smartphones. There are security bypass vulnerabilities in the HuaweiBeethoven-W09A and CRR-L09 phones. Huawei Smart Phones are prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. The Huawei Beethoven-W09A and Huawei CRR-L09 are both smartphones from the Chinese company Huawei

Trust: 2.52

sources: NVD: CVE-2017-2710 // JVNDB: JVNDB-2017-010805 // CNVD: CNVD-2017-08777 // BID: 98712 // VULHUB: VHN-110913

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-08777

AFFECTED PRODUCTS

vendor:huaweimodel:beethoven-w09ascope:eqversion:btv-w09c229b002custc229d005

Trust: 2.4

vendor:huaweimodel:beethoven-w09ascope:eqversion:btv-w09c233b029

Trust: 2.4

vendor:huaweimodel:beethoven-w09ascope:ltversion:btv-w09c100b006custc100d002

Trust: 1.8

vendor:huaweimodel:beethoven-w09ascope:ltversion:btv-w09c128b003custc128d002

Trust: 1.8

vendor:huaweimodel:beethoven-w09ascope:ltversion:btv-w09c199b002custc199d002

Trust: 1.8

vendor:huaweimodel:beethoven-w09ascope:ltversion:btv-w09c209b005custc209d001

Trust: 1.8

vendor:huaweimodel:beethoven-w09ascope:ltversion:btv-w09c331b002custc331d001

Trust: 1.8

vendor:huaweimodel:crr-l09scope:ltversion:crr-l09c432b390

Trust: 1.8

vendor:huaweimodel:crr-l09scope:ltversion:crr-l09c605b355custc605d003

Trust: 1.8

vendor:huaweimodel:beethoven-w09a btv-w09c233b029scope: - version: -

Trust: 0.9

vendor:huaweimodel:beethoven-w09a btv-w09c229b002custc229d005scope: - version: -

Trust: 0.6

vendor:huaweimodel:beethoven-w09a <btv-w09c100b006custc100d002scope: - version: -

Trust: 0.6

vendor:huaweimodel:beethoven-w09a <btv-w09c128b003custc128d002scope: - version: -

Trust: 0.6

vendor:huaweimodel:beethoven-w09a <btv-w09c199b002custc199d002scope: - version: -

Trust: 0.6

vendor:huaweimodel:crr-l09 <crr-l09c432b390scope: - version: -

Trust: 0.6

vendor:huaweimodel:crr-l09 <crr-l09c605b355custc605d003scope: - version: -

Trust: 0.6

vendor:huaweimodel:crr-l09scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c229b002custcscope: - version: -

Trust: 0.3

vendor:huaweimodel:crr-l09 crr-l09c605b355custcscope:neversion: -

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c331b002custcscope:neversion: -

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c233b030scope:neversion: -

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c229b003custcscope:neversion: -

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c209b005custcscope:neversion: -

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c199b002custcscope:neversion: -

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c128b003custcscope:neversion: -

Trust: 0.3

vendor:huaweimodel:beethoven-w09a btv-w09c100b006custcscope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-08777 // BID: 98712 // JVNDB: JVNDB-2017-010805 // CNNVD: CNNVD-201705-1282 // NVD: CVE-2017-2710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2710
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2710
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-08777
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-1282
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110913
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-2710
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-08777
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110913
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2710
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-08777 // VULHUB: VHN-110913 // JVNDB: JVNDB-2017-010805 // CNNVD: CNNVD-201705-1282 // NVD: CVE-2017-2710

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-110913 // JVNDB: JVNDB-2017-010805 // NVD: CVE-2017-2710

THREAT TYPE

local

Trust: 0.9

sources: BID: 98712 // CNNVD: CNNVD-201705-1282

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201705-1282

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010805

PATCH
title:huawei-sa-20170524-01-frpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en
Trust: 0.8
title:HuaweiBeethoven-W09A and CRR-L09 mobile security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/94996
Trust: 0.6
title:Huawei Beethoven-W09A  and CRR-L09 Mobile phone security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70597
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-08777 // 
            
            
            
            JVNDB: JVNDB-2017-010805 // 
            
            
            
            CNNVD: CNNVD-201705-1282

EXTERNAL IDS
db:NVDid:CVE-2017-2710
Trust: 3.4
db:BIDid:98712
Trust: 2.0
db:JVNDBid:JVNDB-2017-010805
Trust: 0.8
db:CNNVDid:CNNVD-201705-1282
Trust: 0.7
db:CNVDid:CNVD-2017-08777
Trust: 0.6
db:VULHUBid:VHN-110913
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-08777 // 
            
            
            
            VULHUB: VHN-110913 // 
            
            
            
            BID: 98712 // 
            
            
            
            JVNDB: JVNDB-2017-010805 // 
            
            
            
            CNNVD: CNNVD-201705-1282 // 
            
            
            
            NVD: CVE-2017-2710

REFERENCES
url:http://www.securityfocus.com/bid/98712
Trust: 1.7
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2710
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2710
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170524-01-frp-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170524-01-frp-en
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-08777 // 
            
            
            
            VULHUB: VHN-110913 // 
            
            
            
            BID: 98712 // 
            
            
            
            JVNDB: JVNDB-2017-010805 // 
            
            
            
            CNNVD: CNNVD-201705-1282 // 
            
            
            
            NVD: CVE-2017-2710

CREDITS
Alessandro De Bartolo
Trust: 0.3
sources:
            
            
            BID: 98712

SOURCES
db:CNVDid:CNVD-2017-08777
db:VULHUBid:VHN-110913
db:BIDid:98712
db:JVNDBid:JVNDB-2017-010805
db:CNNVDid:CNNVD-201705-1282
db:NVDid:CVE-2017-2710

LAST UPDATE DATE
2025-04-20T23:23:34.035000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-08777date:2017-06-09T00:00:00
db:VULHUBid:VHN-110913date:2019-10-03T00:00:00
db:BIDid:98712date:2017-05-24T00:00:00
db:JVNDBid:JVNDB-2017-010805date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201705-1282date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2710date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-08777date:2017-06-08T00:00:00
db:VULHUBid:VHN-110913date:2017-11-22T00:00:00
db:BIDid:98712date:2017-05-24T00:00:00
db:JVNDBid:JVNDB-2017-010805date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201705-1282date:2017-05-26T00:00:00
db:NVDid:CVE-2017-2710date:2017-11-22T19:29:00.943