Sign-up

ID

VAR-201711-0237


CVE

CVE-2017-2721


TITLE

Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010808

DESCRIPTION

Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei Smartphone software contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. HuaweiBerlin-L21, L21HN, L22, L22HN, L23, L24HN, and FRD-L02, L04, L09, L14, and L19 are all Huawei smartphones. Huawei Berlin-L21 and others are all smartphone products of China's Huawei (Huawei). Several Huawei products have security vulnerabilities. The following products and versions are affected: Huawei Berlin-L21 Berlin-L21C10B130 version, Berlin-L21C185B133 version, Berlin-L21HN Berlin-L21HNC10B131 version, Berlin-L21HNC185B140 version, Berlin-L21HNC432B151 version; Berlin-L22HNC636B130 Version, Berlin-L22HNC675B150CUSTC675D001 Version; Berlin-L23 Berlin-L23C605B131 Version; Berlin-L24HN Berlin-L24HNC567B110 Version; FRD-L02 FRD-L02C432B120 Version, FRD-L02C635B130 Version, FRD-L02C675B170CUSTC675D001 Version; FRD-L04 FRD-L04C567B162 Version, FRD-L04C605B131 version; FRD-L09 FRD-L09C10B130 version, FRD-L09C185B130 version, FRD-L09C432B131 version, FRD-L09C636B130 version; FRD-L14 FRD-L14C567B162 version; , FRD-L19C636B130 version

Trust: 2.25

sources: NVD: CVE-2017-2721 // JVNDB: JVNDB-2017-010808 // CNVD: CNVD-2017-33956 // VULHUB: VHN-110924

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33956

AFFECTED PRODUCTS

vendor:huaweimodel:berlin-l21scope:eqversion:berlin-l21c10b130

Trust: 2.4

vendor:huaweimodel:berlin-l21scope:eqversion:berlin-l21c185b133

Trust: 2.4

vendor:huaweimodel:berlin-l21hnscope:eqversion:berlin-l21hnc10b131

Trust: 2.4

vendor:huaweimodel:berlin-l21hnscope:eqversion:berlin-l21hnc185b140

Trust: 2.4

vendor:huaweimodel:berlin-l21hnscope:eqversion:berlin-l21hnc432b151

Trust: 2.4

vendor:huaweimodel:berlin-l22scope:eqversion:berlin-l22c636b160

Trust: 2.4

vendor:huaweimodel:berlin-l22hnscope:eqversion:berlin-l22hnc636b130

Trust: 2.4

vendor:huaweimodel:berlin-l22hnscope:eqversion:berlin-l22hnc675b150custc675d001

Trust: 2.4

vendor:huaweimodel:berlin-l23scope:eqversion:berlin-l23c605b131

Trust: 2.4

vendor:huaweimodel:berlin-l24hnscope:eqversion:berlin-l24hnc567b110

Trust: 2.4

vendor:huaweimodel:frd-l02scope:eqversion:frd-l02c432b120

Trust: 1.8

vendor:huaweimodel:frd-l02scope:eqversion:frd-l02c635b130

Trust: 1.8

vendor:huaweimodel:frd-l02scope:eqversion:frd-l02c675b170custc675d001

Trust: 1.8

vendor:huaweimodel:frd-l04scope:eqversion:frd-l04c567b162

Trust: 1.8

vendor:huaweimodel:frd-l04scope:eqversion:frd-l04c605b131

Trust: 1.8

vendor:huaweimodel:frd-l09scope:eqversion:frd-l09c10b130

Trust: 1.8

vendor:huaweimodel:frd-l09scope:eqversion:frd-l09c185b130

Trust: 1.8

vendor:huaweimodel:frd-l09scope:eqversion:frd-l09c432b131

Trust: 1.8

vendor:huaweimodel:frd-l09scope:eqversion:frd-l09c636b130

Trust: 1.8

vendor:huaweimodel:frd-l14scope:eqversion:frd-l14c567b162

Trust: 1.8

vendor:huaweimodel:frd-l19scope:eqversion:frd-l19c10b130

Trust: 1.8

vendor:huaweimodel:frd-l19scope:eqversion:frd-l19c432b131

Trust: 1.8

vendor:huaweimodel:frd-l19scope:eqversion:frd-l19c636b130

Trust: 1.8

vendor:huaweimodel:berlin-l21 berlin-l21c10b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l21 berlin-l21c185b133scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l22 berlin-l22c636b160scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l23 berlin-l23c605b131scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l21hn berlin-l21hnc10b131scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l21hn berlin-l21hnc185b140scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l21hn berlin-l21hnc432b151scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l22hn berlin-l22hnc636b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l22hn berlin-l22hnc675b150custc675d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l24hn berlin-l24hnc567b110scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l02 frd-l02c432b120scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l02 frd-l02c635b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l02 frd-l02c675b170custc675d001scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l04 frd-l04c567b162scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l04 frd-l04c605b131scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l09 frd-l09c10b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l09 frd-l09c185b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l09 frd-l09c432b131scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l09 frd-l09c636b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l14 frd-l14c567b162scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l19 frd-l19c10b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l19 frd-l19c432b131scope: - version: -

Trust: 0.6

vendor:huaweimodel:frd-l19 frd-l19c636b130scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-33956 // JVNDB: JVNDB-2017-010808 // CNNVD: CNNVD-201711-1003 // NVD: CVE-2017-2721

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2721
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2721
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33956
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-1003
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110924
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-2721
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33956
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110924
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2721
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-33956 // VULHUB: VHN-110924 // JVNDB: JVNDB-2017-010808 // CNNVD: CNNVD-201711-1003 // NVD: CVE-2017-2721

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-110924 // JVNDB: JVNDB-2017-010808 // NVD: CVE-2017-2721

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-1003

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-1003

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010808

PATCH
title:huawei-sa-20170920-01-frpbypassurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-frpbypass-en
Trust: 0.8
title:A variety of Huawei mobile phone security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/106061
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76713
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33956 // 
            
            
            
            JVNDB: JVNDB-2017-010808 // 
            
            
            
            CNNVD: CNNVD-201711-1003

EXTERNAL IDS
db:NVDid:CVE-2017-2721
Trust: 3.1
db:JVNDBid:JVNDB-2017-010808
Trust: 0.8
db:CNNVDid:CNNVD-201711-1003
Trust: 0.7
db:CNVDid:CNVD-2017-33956
Trust: 0.6
db:VULHUBid:VHN-110924
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33956 // 
            
            
            
            VULHUB: VHN-110924 // 
            
            
            
            JVNDB: JVNDB-2017-010808 // 
            
            
            
            CNNVD: CNNVD-201711-1003 // 
            
            
            
            NVD: CVE-2017-2721

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-frpbypass-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2721
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2721
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-frpbypass-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33956 // 
            
            
            
            VULHUB: VHN-110924 // 
            
            
            
            JVNDB: JVNDB-2017-010808 // 
            
            
            
            CNNVD: CNNVD-201711-1003 // 
            
            
            
            NVD: CVE-2017-2721

SOURCES
db:CNVDid:CNVD-2017-33956
db:VULHUBid:VHN-110924
db:JVNDBid:JVNDB-2017-010808
db:CNNVDid:CNNVD-201711-1003
db:NVDid:CVE-2017-2721

LAST UPDATE DATE
2025-04-20T23:35:40.868000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33956date:2017-11-15T00:00:00
db:VULHUBid:VHN-110924date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010808date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-1003date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2721date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33956date:2017-11-15T00:00:00
db:VULHUBid:VHN-110924date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010808date:2017-12-25T00:00:00
db:CNNVDid:CNNVD-201711-1003date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2721date:2017-11-22T19:29:01.397