CVE-2016-8776 — MEDIUM (4.6)

Vulnerability Description

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.

CVSS Score

4.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	P9 Firmware	eva-al10c00
Huawei	P9	-
Huawei	P9 Lite Firmware	vns-l21c185
Huawei	P9 Lite	-

Related Weaknesses (CWE)

CWE-285

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphVendor Advisory
http://www.securityfocus.com/bid/94836Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphVendor Advisory
http://www.securityfocus.com/bid/94836Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-8776?

CVE-2016-8776 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some f...

How severe is CVE-2016-8776?

CVE-2016-8776 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8776?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei P9 Firmware, Huawei P9, Huawei P9 Lite Firmware, Huawei P9 Lite.