CVE-2016-8776

Summary

CVE	CVE-2016-8776
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-04-02 20:59:00 UTC
Updated	2017-04-10 20:28:00 UTC
Description	Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.

Risk And Classification

Problem Types: CWE-285

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Huawei	P9	-	All	All	All
Hardware	Huawei	P9	-	All	All	All
Operating System	Huawei	P9 Firmware	eva-al10c00	All	All	All
Operating System	Huawei	P9 Firmware	eva-cl10c00	All	All	All
Operating System	Huawei	P9 Firmware	eva-dl10c00	All	All	All
Operating System	Huawei	P9 Firmware	eva-tl10c00	All	All	All
Operating System	Huawei	P9 Firmware	eva-al10c00	All	All	All
Operating System	Huawei	P9 Firmware	eva-cl10c00	All	All	All
Operating System	Huawei	P9 Firmware	eva-dl10c00	All	All	All
Operating System	Huawei	P9 Firmware	eva-tl10c00	All	All	All
Hardware	Huawei	P9 Lite	-	All	All	All
Hardware	Huawei	P9 Lite	-	All	All	All
Operating System	Huawei	P9 Lite Firmware	vns-l21c185	All	All	All
Operating System	Huawei	P9 Lite Firmware	vns-l21c185	All	All	All

References

Reference	Source	Link	Tags
Huawei P9 and P9 Lite CVE-2016-8776 Security Bypass Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones	CONFIRM	www.huawei.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.