The vulnerability of the OxygenOS operating system in OnePlus 3 and 3T devices allows attackers to gain elevated privileges and expose sensitive information.

🗓️ 14 Dec 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

OxygenOS on OnePlus three and threeT has access control flaws enabling remote root via hidden FastBoot commands.

Reporter	Title	Published	Views	Family All 10
CNVD	OxygenOS Code Execution Vulnerability	13 Mar 201700:00	–	cnvd
CVE	CVE-2017-5626	12 Mar 201704:57	–	cve
Cvelist	CVE-2017-5626	12 Mar 201704:57	–	cvelist
EUVD	EUVD-2017-14723	7 Oct 202500:30	–	euvd
myhack58	Get a locked OnePlus 3/3T: boot loader vulnerability-vulnerability warning-the black bar safety net	13 Feb 201700:00	–	myhack58
NVD	CVE-2017-5626	12 Mar 201705:59	–	nvd
OSV	CVE-2017-5626	12 Mar 201705:59	–	osv
Prion	Design/Logic Flaw	12 Mar 201705:59	–	prion
seebug.org	OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)	10 Feb 201700:00	–	seebug
seebug.org	OnePlus 3/3T open up an ADB session without authorization (CVE-2017-5622)	27 Mar 201700:00	–	seebug

Vulners

Node

oneplus oxygenosRange<4.0.2

Source	Link
securityresear	www.securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/
securitylab	www.securitylab.ru/news/485707.php
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 39.8

CVSS 210

EPSS0.01657

oxygenos vulnerability oneplus three oneplus three t remote privilege system partition fastboot commands access control