CVE-2016-8776

MEDIUM

Huawei P9 and P9 Lite - Factory Reset Protection Bypass

Title source: llm

Description

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.

Exploits (2)

nomisec STUB 15 stars

by akzedevops · poc

https://github.com/akzedevops/CVE-2016-8776

View Code ZIP pw:eip

inthewild STUB

poc

https://github.com/rerugan/cve-2016-8776

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94836

Scores

CVSS v3 4.6

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-285

Status published

Products (6)

huawei/p9_firmware eva-al10c00

huawei/p9_firmware eva-cl10c00

huawei/p9_firmware eva-dl10c00

huawei/p9_firmware eva-tl10c00

huawei/p9_lite_firmware vns-l21c185

n/a/P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185, P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,

Published Apr 02, 2017

Tracked Since Feb 18, 2026