Details of VAR-201704-0505

ID

VAR-201704-0505

CVE

CVE-2016-8776

TITLE

Huawei P9 and P9 Lite Software authorization vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-008255

DESCRIPTION

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. Huawei P9 and P9 Lite Software contains an authorization vulnerability.Information may be tampered with. HuaweiP9 and P9Lite are Huawei smartphones. Huawei Mobile FRP (FactoryResetProtection) bypasses the vulnerability. The attacker exploits the vulnerability to update the Googleaccount without authorization during the FRP reset process, which causes the FRP function to bypass. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. The Huawei P9 and others are smartphones from the Chinese company Huawei. The following versions are affected: Huawei P9 EVA-AL10C00 version, EVA-CL10C00 version, EVA-DL10C00 version, EVA-TL10C00 version; P9 Lite VNS-L21C185 version

Trust: 2.61

sources: NVD: CVE-2016-8776 // JVNDB: JVNDB-2016-008255 // CNVD: CNVD-2016-12014 // BID: 94836 // VULHUB: VHN-97596 // VULMON: CVE-2016-8776

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-12014

AFFECTED PRODUCTS

vendor:	huawei	model:	p9 lite	scope:	eq	version:	vns-l21c185	Trust: 2.4
vendor:	huawei	model:	p9	scope:	eq	version:	eva-al10c00	Trust: 2.4
vendor:	huawei	model:	p9	scope:	eq	version:	eva-cl10c00	Trust: 2.4
vendor:	huawei	model:	p9	scope:	eq	version:	eva-dl10c00	Trust: 2.4
vendor:	huawei	model:	p9	scope:	eq	version:	eva-tl10c00	Trust: 2.4
vendor:	huawei	model:	p9 eva-al10c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	p9 eva-cl10c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	p9 eva-dl10c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	p9 eva-tl10c00	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	p9 lite vns-l21c185	scope:	-	version:	-	Trust: 0.9
vendor:	huawei	model:	p9 lite vns-l21c185b150	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	p9 eva-tl10c00b195	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	p9 eva-dl10c00b195	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	p9 eva-cl10c00b195	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	p9 eva-al10c00b195	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2016-12014 // BID: 94836 // JVNDB: JVNDB-2016-008255 // CNNVD: CNNVD-201612-240 // NVD: CVE-2016-8776

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8776
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8776
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-12014
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201612-240
value:	LOW
Trust: 0.6
VULHUB:	VHN-97596
value:	LOW
Trust: 0.1
VULMON:	CVE-2016-8776
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-8776
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-12014
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97596
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8776
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-12014 // VULHUB: VHN-97596 // VULMON: CVE-2016-8776 // JVNDB: JVNDB-2016-008255 // CNNVD: CNNVD-201612-240 // NVD: CVE-2016-8776

PROBLEMTYPE DATA

problemtype:

CWE-285

Trust: 1.9

sources: VULHUB: VHN-97596 // JVNDB: JVNDB-2016-008255 // NVD: CVE-2016-8776

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201612-240

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201612-240

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008255

PATCH

title:	huawei-sa-20161207-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en	Trust: 0.8
title:	Huawei mobile phone FRP bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/85423	Trust: 0.6
title:	Multiple Huawei Mobile phone FRP Repair measures to bypass security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66277	Trust: 0.6
title:	CVE-2016-8776	url:	https://github.com/maviroxz/CVE-2016-8776	Trust: 0.1

sources: CNVD: CNVD-2016-12014 // VULMON: CVE-2016-8776 // JVNDB: JVNDB-2016-008255 // CNNVD: CNNVD-201612-240

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8776	Trust: 3.5
db:	BID	id:	94836	Trust: 2.7
db:	JVNDB	id:	JVNDB-2016-008255	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-240	Trust: 0.7
db:	CNVD	id:	CNVD-2016-12014	Trust: 0.6
db:	VULHUB	id:	VHN-97596	Trust: 0.1
db:	VULMON	id:	CVE-2016-8776	Trust: 0.1

sources: CNVD: CNVD-2016-12014 // VULHUB: VHN-97596 // VULMON: CVE-2016-8776 // BID: 94836 // JVNDB: JVNDB-2016-008255 // CNNVD: CNNVD-201612-240 // NVD: CVE-2016-8776

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en	Trust: 2.1
url:	http://www.securityfocus.com/bid/94836	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8776	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8776	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161207-01-smartphone-cn	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/285.html	Trust: 0.1
url:	https://github.com/maviroxz/cve-2016-8776	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2016-12014 // VULHUB: VHN-97596 // VULMON: CVE-2016-8776 // BID: 94836 // JVNDB: JVNDB-2016-008255 // CNNVD: CNNVD-201612-240 // NVD: CVE-2016-8776

CREDITS

Aung Khant Zaw from Myanmar

Trust: 0.3

sources: BID: 94836

SOURCES

db:	CNVD	id:	CNVD-2016-12014
db:	VULHUB	id:	VHN-97596
db:	VULMON	id:	CVE-2016-8776
db:	BID	id:	94836
db:	JVNDB	id:	JVNDB-2016-008255
db:	CNNVD	id:	CNNVD-201612-240
db:	NVD	id:	CVE-2016-8776

LAST UPDATE DATE

2025-04-20T23:32:14.369000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-12014	date:	2016-12-12T00:00:00
db:	VULHUB	id:	VHN-97596	date:	2017-04-10T00:00:00
db:	VULMON	id:	CVE-2016-8776	date:	2017-04-10T00:00:00
db:	BID	id:	94836	date:	2016-12-20T01:08:00
db:	JVNDB	id:	JVNDB-2016-008255	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201612-240	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-8776	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-12014	date:	2016-12-08T00:00:00
db:	VULHUB	id:	VHN-97596	date:	2017-04-02T00:00:00
db:	VULMON	id:	CVE-2016-8776	date:	2017-04-02T00:00:00
db:	BID	id:	94836	date:	2016-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-008255	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201612-240	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-8776	date:	2017-04-02T20:59:01.500