CVE-2016-8462

MEDIUM

Android < 7.1.0 - Unauthorized Data Access via Bootloader

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-8462. PoCs published by CunningLogic.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2016-8462, which allows reading data from a Pixel device in bootloader mode, even with a locked bootloader. The exploit uses USB communication to interact with the device's fastboot interface and dump partition data by leveraging the 'oem sha1sum' command.

Description

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383.

Exploits (1)

nomisec WORKING POC 31 stars

by CunningLogic · poc

https://github.com/CunningLogic/PixelDump_CVE-2016-8462

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2016-8462, which allows reading data from a Pixel device in bootloader mode, even with a locked bootloader. The exploit uses USB communication to interact with the device's fastboot interface and dump partition data by leveraging the 'oem sha1sum' command.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Google Pixel bootloader (specific version not specified)

No auth needed

Prerequisites: Physical access to the device · Device in bootloader mode · USB debugging enabled

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_misc

https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/

Patch, Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2017-01-01.html

Various Sources x_refsource_misc

https://github.com/CunningLogic/PixelDump_CVE-2016-8462

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95237

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

google/android < 7.1.0

Google Inc./Android

Published Jan 12, 2017

Tracked Since Feb 18, 2026