OnePlus 3 and 3T OxygenOS security bypass vulnerability (CNVD-2017-06819)

The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system that comes with the device. A security spare vulnerability exists in OxygenOS versions prior to 4.0.3 on OnePlus 3 and 3T devices. An unauthorized attacker could exploit the...

CVE-2017-5625

In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition except 'keystore' by issuing the 'fastboot oem dump ' fastboot command...

OnePlus 3 and 3T OxygenOS security bypass vulnerability

The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system that comes with the device. A security bypass vulnerability exists in OxygenOS in OnePlus 3 and 3T. An attacker can exploit the vulnerability to open an ADB session and disclose...

CVE-2017-5622

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other...

OnePlus OxygenOS Local Security Bypass Vulnerability

The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system it comes with. A local security bypass vulnerability exists in OnePlus OxygenOS. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized...

OxygenOS Elevation of Privilege Vulnerability

The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system it comes with. An elevation of privilege vulnerability exists in OxygenOS versions prior to 4.0.3. The vulnerability can be exploited by an attacker to execute arbitrary code and...

CVE-2017-5626

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...

CVE-2017-5624

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

OnePlus 3 and 3T Denial of Service Vulnerability

OnePlus 3 and 3T are two smartphones from OnePlus Technologies. A denial of service vulnerability exists in the OnePlus 3 and 3T. A remote attacker can exploit the vulnerability to reboot the device and cause a denial of service...