ByteOS Network

Vulnerability Details :

CVE-2016-8776

Assigner-huawei

Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e

Published At-02 Apr, 2017 | 20:00

Updated At-06 Aug, 2024 | 02:35

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:huawei

Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e

Published At:02 Apr, 2017 | 20:00

Updated At:06 Aug, 2024 | 02:35

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,

Versions

Affected

P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,

Problem Types

Type	CWE ID	Description
text	N/A	Factory Reset Protection (FRP) bypass

Type: text

CWE ID: N/A

Description: Factory Reset Protection (FRP) bypass

References

Hyperlink	Resource
http://www.securityfocus.com/bid/94836	vdb-entry x_refsource_BID
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en	x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/94836

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/94836	vdb-entry x_refsource_BID x_transferred
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en	x_refsource_CONFIRM x_transferred

Hyperlink: http://www.securityfocus.com/bid/94836

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@huawei.com

Published At:02 Apr, 2017 | 20:59

Updated At:20 Apr, 2025 | 01:37

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.6	MEDIUM	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Type: Primary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:L/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-285	Primary	nvd@nist.gov

CWE ID: CWE-285

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en	psirt@huawei.com	Vendor Advisory
http://www.securityfocus.com/bid/94836	psirt@huawei.com	Third Party Advisory VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.securityfocus.com/bid/94836	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en

Source: psirt@huawei.com

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/94836

Source: psirt@huawei.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/94836

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Similar CVEs

59Records found

CVE-2022-46312

Matching Score-6

Assigner-Huawei Technologies

View Details

Matching Score-6

Assigner-Huawei Technologies

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.84%

7 Day CHG~0.00%

Published-20 Dec, 2022 | 00:00

Updated-17 Apr, 2025 | 19:15

The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.

Vendor-Huawei Technologies Co., Ltd.

Product-harmonyos emui EMUI HarmonyOS

CWE ID-CWE-285

Improper Authorization

CVE-2023-39400

Matching Score-6

Assigner-Huawei Technologies

View Details

Matching Score-6

Assigner-Huawei Technologies

CVSS Score-9.1||CRITICAL

EPSS-0.10% / 28.70%

7 Day CHG~0.00%

Published-13 Aug, 2023 | 12:36

Updated-09 Oct, 2024 | 20:35

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Vendor-Huawei Technologies Co., Ltd.

Product-emui harmonyos HarmonyOS EMUI

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE ID-CWE-285

Improper Authorization

CVE-2023-39403

Matching Score-6

Assigner-Huawei Technologies

View Details

Matching Score-6

Assigner-Huawei Technologies

CVSS Score-9.1||CRITICAL

EPSS-0.06% / 17.58%

7 Day CHG~0.00%

Published-13 Aug, 2023 | 12:40

Updated-09 Oct, 2024 | 20:35

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Vendor-Huawei Technologies Co., Ltd.

Product-emui harmonyos HarmonyOS EMUI

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-358

Improperly Implemented Security Check for Standard

CVE-2023-39399

Matching Score-6

Assigner-Huawei Technologies

View Details

Matching Score-6

Assigner-Huawei Technologies

CVSS Score-9.1||CRITICAL

EPSS-0.07% / 20.77%

7 Day CHG~0.00%

Published-13 Aug, 2023 | 12:35

Updated-09 Oct, 2024 | 20:35

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Vendor-Huawei Technologies Co., Ltd.

Product-emui harmonyos HarmonyOS EMUI

CWE ID-CWE-275

Not Available

CWE ID-CWE-285

Improper Authorization

CVE-2021-25351

Matching Score-4

Assigner-Samsung Mobile

View Details

Matching Score-4

Assigner-Samsung Mobile

CVSS Score-3.2||LOW

EPSS-0.05% / 14.54%

7 Day CHG~0.00%

Published-25 Mar, 2021 | 16:10

Updated-03 Aug, 2024 | 20:03

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.

Vendor-Google LLC Samsung Samsung Electronics

Product-account android Samsung Account

CWE ID-CWE-285

Improper Authorization

CVE-2020-5362

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-7.1||HIGH

EPSS-0.05% / 15.52%

7 Day CHG~0.00%

Published-10 Jun, 2020 | 20:40

Updated-17 Sep, 2024 | 02:41

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Vendor-Dell Inc.

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-862

Missing Authorization

CVE-2022-33702

Matching Score-4

Assigner-Samsung Mobile

View Details

Matching Score-4

Assigner-Samsung Mobile

CVSS Score-6.2||MEDIUM

EPSS-0.02% / 2.15%

7 Day CHG~0.00%

Published-11 Jul, 2022 | 13:36

Updated-03 Aug, 2024 | 08:09

Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.

Vendor-Google LLC Samsung Electronics

Product-android Samsung Mobile Devices

CWE ID-CWE-285

Improper Authorization

CVE-2020-1908

Matching Score-4

Assigner-Meta Platforms, Inc.

View Details

Matching Score-4

Assigner-Meta Platforms, Inc.

CVSS Score-4.6||MEDIUM

EPSS-0.05% / 15.76%

7 Day CHG~0.00%

Published-03 Nov, 2020 | 19:15

Updated-04 Aug, 2024 | 06:53

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.

Vendor-WhatsApp LLC Facebook

Product-whatsapp whatsapp_business WhatsApp for iOS WhatsApp Business for iOS

CWE ID-CWE-285

Improper Authorization

CWE ID-CWE-552

Files or Directories Accessible to External Parties

CVE-2021-25459

Matching Score-4

Assigner-Samsung Mobile

View Details

Matching Score-4

Assigner-Samsung Mobile

CVSS Score-4||MEDIUM

EPSS-0.02% / 3.08%

7 Day CHG~0.00%

Published-09 Sep, 2021 | 18:04

Updated-03 Aug, 2024 | 20:03

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

Vendor-Google LLC Samsung Electronics

Product-android Samsung Mobile Devices

CWE ID-CWE-285

Improper Authorization

CVE-2016-8776

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs