57 matches found
EUVD-2017-15017
Malware in sbrugna...
EUVD-2017-14719
Malware in sbrugna...
EUVD-2017-14721
Malware in sbrugna...
EUVD-2017-14720
Malware in sbrugna...
EUVD-2017-14722
Malware in sbrugna...
EUVD-2017-14723
Malware in sbrugna...
CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)
Overview Rapid7 has identified a permission bypass vulnerability in multiple versions of OnePlus OxygenOS installed on its Android smartphones, across multiple devices. It is expected that a wider range of devices than those tested are affected. When leveraged, the vulnerability allows any...
OnePlus OxygenOS 安全漏洞
OnePlus OxygenOS is a smartphone operating system from Chinese company OnePlus. A security vulnerability exists in OnePlus OxygenOS, which stems from a lack of write access to multiple content providers and SQL injection in the update method of these providers, which could lead to the disclosure ...
OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader
Have you recently bought a OnePlus 6? Don't leave your phone unattended. A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked. A...
Code injection
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download EDL mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as...
CVE-2017-5947
The CVE-2017-5947 issue affects OnePlus devices (OnePlus One, X, 2, 3, 3T, 5) running OxygenOS 5.0 and earlier. The root cause is the ability to force a reboot into Qualcomm Emergency Download (EDL) mode via ADB or Volume-Up when USB is connected, which can enable downgrading critical partitions ...
OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader
Another terrible news for OnePlus users. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name "Elliot Anderson"...
OnePlus Secretly Collects Way More Data Than It Should — Here’s How to Disable It
There is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system, is collecting way more data on its users than it requires. A recent blog post published today by security researcher Christopher Moore on his website...
Unspecified Vulnerability in OxygenOS and HydrogenOS OTAs for Multiple OnePlus Products
OnePlus One and others are smartphones from China's OnePlus Technology OnePlus.OxygenOS and HydrogenOS are both operating systems that come with them.HydrogenOS OTAs is a system update application in HydrogenOS. A security vulnerability exists in OxygenOS and HydrogenOS OTAs in multiple OnePlus...
OnePlus 3/3T OxygenOS SELinux Security Bypass(CVE-2017-5554)
Products OnePlus 3T OnePlus 3 Vulnerable Version OxygenOS prior to 4.0.2 Technical Details The attacker can reboot a OnePlus 3/3T device into the fastboot mode, which could be done without any authentication. A physical attacker can press the “Volume Up” button during device boot, where an attack...
OnePlus OTA OxygenOS/HydrogenOS Crossover Vulnerability(CVE-2017-8850)
Products OnePlus 3T OnePlus 3 OnePlus 2 OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details Due to lenient updater-script in the OnePlus OTA images see below, and the fact both ROMs use the same OTA verification keys, attackers can install HydrogenOS...
OnePlus OTA Downgrade Vulnerability(CVE-2017-5948)
Products OnePlus 3T OnePlus 3 OnePlus 2 OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details lenient updater-script in the OnePlus OTAs which does not check that the current version is lower than or equal to the given image’s see below the 4.0.0...
OnePlus 3/3T OxygenOS Unauthorized Flash Dumping via fastboot(CVE-2017-5625)
Products OnePlus 3T OnePlus 3 Vulnerable Version OxygenOS 4.0.2 and earlier Mitigation Install OxygenOS 4.0.3 or later Summary A physical attacker, PC malware / malicious charger having ADB or fastboot access to the device can cause a locked bootloader to partially dump the content of an arbitrar...
Design/Logic Flaw
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on...
CVE-2017-5948
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on...