CVE-2017-2708
MEDIUMHuawei Nice Firmware < Nice-AL00C00B0135 - Unauthenticated Authentication Bypass via Find Phone Function
Title source: llmDescription
The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95911
Issue Tracking, Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en
Scores
CVSS v3
4.6
EPSS
0.0019
EPSS Percentile
40.8%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-306
Status
published
Products (2)
huawei/nice_firmware
< nice-al00c00b0135
Huawei Technologies Co., Ltd./Nice
Versions earlier before Nice-AL00C00B0135
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026