Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

seebug.org
seebug.orgadded 2017/05/12 12:0 a.m.34 views

OnePlus OTA One/X Crossover Vulnerability(CVE-2017-8851)

Products OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details Due to lenient updater-script on the OnePlus One & X’s OTA images see below, the fact both products use the same OTA verification keys, and the fact both products share the same...

5CVSS6.1AI score0.01146EPSS
Exploits5
seebug.org
seebug.orgadded 2017/05/12 12:0 a.m.72 views

OnePlus OTA Lack of TLS Vulnerability(CVE-2016-10370)

Summary The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as...

5CVSS6.4AI score0.01146EPSS
Exploits8
NVD
NVDadded 2017/05/11 6:29 p.m.15 views

CVE-2017-8850

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for...

5.9CVSS5.9AI score0.0043EPSS
Exploits3References1
Prion
Prionadded 2017/05/11 6:29 p.m.31 views

Spoofing

An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs ...

4.3CVSS5.8AI score0.01146EPSS
Exploits5References1
Prion
Prionadded 2017/05/11 6:29 p.m.20 views

Design/Logic Flaw

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on...

4.3CVSS5.9AI score0.01146EPSS
Exploits6References1
Cvelist
Cvelistadded 2017/05/11 6:0 p.m.21 views

CVE-2016-10370

An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote...

6.4AI score0.01146EPSS
Exploits4References3
CVE
CVEadded 2017/05/11 6:0 p.m.64 views

CVE-2017-5948

CVE-2017-5948 is a downgrade-attack vulnerability in OnePlus OxygenOS and HydrogenOS OTA updates. The root cause is a lenient updater-script in OTAs for OnePlus One, X, 2, 3, and 3T that does not enforce that the current version is

5.9CVSS5.8AI score0.0076EPSS
Exploits3References1Affected Software1
CVE
CVEadded 2017/05/11 6:0 p.m.61 views

CVE-2016-10370

An issue linked to CVE-2016-10370 affects OnePlus OTA updaters on devices such as OnePlus 3/3T: the OTA image is delivered over HTTP without TLS, increasing the attack surface and enabling potential exploitation of other vulnerabilities (CVE-2017-5948, CVE-2017-8850, CVE-2017-8851). The root caus...

7.5CVSS6.2AI score0.01146EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder