CVE-2017-2710

Name of the Vulnerable Software and Affected Versions BTV-W09C229B002CUSTC229D005 BTV-W09C233B029 BTV-W09C100B006CUSTC100D002 versions earlier than BTV-W09C100B006CUSTC100D002 BTV-W09C128B003CUSTC128D002 versions earlier than BTV-W09C128B003CUSTC128D002 BTV-W09C199B002CUSTC199D002 versions earlier than BTV-W09C199B002CUSTC199D002 BTV-W09C209B005CUSTC209D001 versions earlier than BTV-W09C209B005CUSTC209D001 BTV-W09C331B002CUSTC331D001 versions earlier than BTV-W09C331B002CUSTC331D001 CRR-L09C432B390 versions earlier than CRR-L09C432B390 CRR-L09C605B355CUSTC605D003 versions earlier than CRR-L09C605B355CUSTC605D003

Description The issue concerns a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account, resulting in the FRP function being bypassed.

Recommendations For BTV-W09C229B002CUSTC229D005, update to a version later than BTV-W09C229B002CUSTC229D005. For BTV-W09C233B029, update to a version later than BTV-W09C233B029. For versions earlier than BTV-W09C100B006CUSTC100D002, update to BTV-W09C100B006CUSTC100D002 or later. For versions earlier than BTV-W09C128B003CUSTC128D002, update to BTV-W09C128B003CUSTC128D002 or later. For versions earlier than BTV-W09C199B002CUSTC199D002, update to BTV-W09C199B002CUSTC199D002 or later. For versions earlier than BTV-W09C209B005CUSTC209D001, update to BTV-W09C209B005CUSTC209D001 or later. For versions earlier than BTV-W09C331B002CUSTC331D001, update to BTV-W09C331B002CUSTC331D001 or later. For versions earlier than CRR-L09C432B390, update to CRR-L09C432B390 or later. For versions earlier than CRR-L09C605B355CUSTC605D003, update to CRR-L09C605B355CUSTC605D003 or later.