var-201704-0505
Vulnerability from variot
Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. Huawei P9 and P9 Lite Software contains an authorization vulnerability.Information may be tampered with. HuaweiP9 and P9Lite are Huawei smartphones. Huawei Mobile FRP (FactoryResetProtection) bypasses the vulnerability. The attacker exploits the vulnerability to update the Googleaccount without authorization during the FRP reset process, which causes the FRP function to bypass. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. The Huawei P9 and others are smartphones from the Chinese company Huawei. The following versions are affected: Huawei P9 EVA-AL10C00 version, EVA-CL10C00 version, EVA-DL10C00 version, EVA-TL10C00 version; P9 Lite VNS-L21C185 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p9 lite",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "vns-l21c185"
},
{
"model": "p9",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "eva-al10c00"
},
{
"model": "p9",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "eva-cl10c00"
},
{
"model": "p9",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "eva-dl10c00"
},
{
"model": "p9",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "eva-tl10c00"
},
{
"model": "p9 eva-al10c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-cl10c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-dl10c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-tl10c00",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "p9 lite vns-l21c185",
"scope": null,
"trust": 0.9,
"vendor": "huawei",
"version": null
},
{
"model": "p9 lite vns-l21c185b150",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-tl10c00b195",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-dl10c00b195",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-cl10c00b195",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-al10c00b195",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "BID",
"id": "94836"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
},
{
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p9_lite_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aung Khant Zaw from Myanmar",
"sources": [
{
"db": "BID",
"id": "94836"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8776",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8776",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-12014",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-97596",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2016-8776",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8776",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8776",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-12014",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-240",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-97596",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2016-8776",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "VULHUB",
"id": "VHN-97596"
},
{
"db": "VULMON",
"id": "CVE-2016-8776"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
},
{
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. Huawei P9 and P9 Lite Software contains an authorization vulnerability.Information may be tampered with. HuaweiP9 and P9Lite are Huawei smartphones. Huawei Mobile FRP (FactoryResetProtection) bypasses the vulnerability. The attacker exploits the vulnerability to update the Googleaccount without authorization during the FRP reset process, which causes the FRP function to bypass. \nAn attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. The Huawei P9 and others are smartphones from the Chinese company Huawei. The following versions are affected: Huawei P9 EVA-AL10C00 version, EVA-CL10C00 version, EVA-DL10C00 version, EVA-TL10C00 version; P9 Lite VNS-L21C185 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8776"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "BID",
"id": "94836"
},
{
"db": "VULHUB",
"id": "VHN-97596"
},
{
"db": "VULMON",
"id": "CVE-2016-8776"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8776",
"trust": 3.5
},
{
"db": "BID",
"id": "94836",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-240",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12014",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97596",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-8776",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "VULHUB",
"id": "VHN-97596"
},
{
"db": "VULMON",
"id": "CVE-2016-8776"
},
{
"db": "BID",
"id": "94836"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
},
{
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"id": "VAR-201704-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "VULHUB",
"id": "VHN-97596"
}
],
"trust": 1.3436644
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
}
]
},
"last_update_date": "2024-11-23T22:30:49.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161207-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en"
},
{
"title": "Huawei mobile phone FRP bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/85423"
},
{
"title": "Multiple Huawei Mobile phone FRP Repair measures to bypass security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66277"
},
{
"title": "CVE-2016-8776",
"trust": 0.1,
"url": "https://github.com/maviroxz/CVE-2016-8776 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "VULMON",
"id": "CVE-2016-8776"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-285",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97596"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/94836"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8776"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8776"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161207-01-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/285.html"
},
{
"trust": 0.1,
"url": "https://github.com/maviroxz/cve-2016-8776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "VULHUB",
"id": "VHN-97596"
},
{
"db": "VULMON",
"id": "CVE-2016-8776"
},
{
"db": "BID",
"id": "94836"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
},
{
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"db": "VULHUB",
"id": "VHN-97596"
},
{
"db": "VULMON",
"id": "CVE-2016-8776"
},
{
"db": "BID",
"id": "94836"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
},
{
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97596"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8776"
},
{
"date": "2016-12-07T00:00:00",
"db": "BID",
"id": "94836"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-240"
},
{
"date": "2017-04-02T20:59:01.500000",
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12014"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-97596"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8776"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94836"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008255"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-240"
},
{
"date": "2024-11-21T03:00:03.190000",
"db": "NVD",
"id": "CVE-2016-8776"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P9 and P9 Lite Software authorization vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-240"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…