CVE-2016-8776 - OpenCVE

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	P9 P9 Firmware P9 Lite P9 Lite Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:p9_firmware:eva-al10c00:::::::*
	cpe:2.3:o:huawei:p9_firmware:eva-cl10c00:::::::*
	cpe:2.3:o:huawei:p9_firmware:eva-dl10c00:::::::*
	cpe:2.3:o:huawei:p9_firmware:eva-tl10c00:::::::*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p9_lite_firmware:vns-l21c185:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en
http://www.securityfocus.com/bid/94836

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-04-02T20:00:00

Updated: 2024-08-06T02:35:01.434Z

Reserved: 2016-10-18T00:00:00

Link: CVE-2016-8776

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-04-02T20:59:01.500

Modified: 2017-04-10T20:28:07.127

Link: CVE-2016-8776

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,", "vendor": "n/a", "versions": [{"status": "affected", "version": "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account."}], "problemTypes": [{"descriptions": [{"description": "Factory Reset Protection (FRP) bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-03T09:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"name": "94836", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94836"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2016-8776", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,", "version": {"version_data": [{"version_value": "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Factory Reset Protection (FRP) bypass"}]}]}, "references": {"reference_data": [{"name": "94836", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94836"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:35:01.434Z"}, "title": "CVE Program Container", "references": [{"name": "94836", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94836"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2016-8776", "datePublished": "2017-04-02T20:00:00", "dateReserved": "2016-10-18T00:00:00", "dateUpdated": "2024-08-06T02:35:01.434Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:eva-al10c00:*:*:*:*:*:*:*", "matchCriteriaId": "0EA3EDB4-1FA3-4CB9-AD13-2A4E9D359BEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:p9_firmware:eva-cl10c00:*:*:*:*:*:*:*", "matchCriteriaId": "B3F74F87-3612-4199-B510-9752D838F3EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:p9_firmware:eva-dl10c00:*:*:*:*:*:*:*", "matchCriteriaId": "318A1B3C-116F-4F0D-BAC9-ADE8CA09344F", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:p9_firmware:eva-tl10c00:*:*:*:*:*:*:*", "matchCriteriaId": "B2CB2748-E2B4-4FAD-8586-3F5F048B042B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:vns-l21c185:*:*:*:*:*:*:*", "matchCriteriaId": "5A9C5E57-8D99-4134-8A79-AD74E7C8C057", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account."}, {"lang": "es", "value": "Tel\u00e9fonos Huawei P9 con software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 y tel\u00e9fonos P9 Lite con software VNS-L21C185 permiten a atacantes eludir la protecci\u00f3n de restablecimiento de f\u00e1brica (FRP) para introducir algunos m\u00f3dulos funcionales sin autorizaci\u00f3n y realizar operaciones para actualizar la cuenta de Google."}], "id": "CVE-2016-8776", "lastModified": "2017-04-10T20:28:07.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T20:59:01.500", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94836"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "nvd@nist.gov", "type": "Primary"}]}