Huawei Mate 8/Mate S/P8 Camera access control

A vulnerability, which was classified as critical, was found in Huawei Mate 8, Mate S and P8. This affects an unknown part of the component Camera. The manipulation leads to improper access controls. The CWE definition for the vulnerability is CWE-284. The bug was discovered 11/16/2016. The weakness was shared 04/02/2017 as sa-20161116-01 (Website). It is possible to read the advisory at huawei.com. This vulnerability is uniquely identified as CVE-2016-8793. It is possible to launch the attack on the physical device. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 137 days. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94404).

Field04/03/2017 09:07 AM08/25/2020 09:50 AM11/24/2022 03:12 PM
securityfocus_titleHuawei Smart Phones Multiple Local Denial of Service VulnerabilitiesHuawei Smart Phones Multiple Local Denial of Service VulnerabilitiesHuawei Smart Phones Multiple Local Denial of Service Vulnerabilities
seealso99217 99218 9922099217 99218 9922099217 99218 99220
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days137137137
cvss3_nvd_basescore6.76.76.7
typeSmartphone Operating SystemSmartphone Operating SystemSmartphone Operating System
vendorHuaweiHuaweiHuawei
nameMate 8/Mate S/P8Mate 8/Mate S/P8Mate 8/Mate S/P8
componentCameraCameraCamera
cwe284 (access control)284 (access control)284 (access control)
risk222
historic000
cvss2_vuldb_basescore4.14.14.1
cvss2_vuldb_tempscore4.14.14.1
cvss2_vuldb_avLLL
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avLLL
cvss2_nvd_acHHH
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore5.45.45.4
cvss3_meta_tempscore5.45.45.4
cvss3_vuldb_basescore4.14.14.1
cvss3_vuldb_tempscore4.14.14.1
cvss3_vuldb_avPPP
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acHHH
cvss3_nvd_prLLL
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2016-8793CVE-2016-8793CVE-2016-8793
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryHuawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.
securityfocus944049440494404
securityfocus_classDesign ErrorDesign Error
discoverydate14792544001479254400
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en
osvdb_titleCVE-2016-8793 - Huawei - Mate 8 Firmware - MediumCVE-2016-8793 - Huawei - Mate 8 Firmware - Medium
securityfocus_date1479427200 (11/18/2016)1479427200 (11/18/2016)
identifiersa-20161116-01
cvss2_nvd_basescore6.2

Might our Artificial Intelligence support you?

Check our Alexa App!