Lucene search
K

6 matches found

seebug.org
seebug.org
added 2017/05/12 12:0 a.m.67 views

OnePlus OTA Downgrade Vulnerability(CVE-2017-5948)

Products OnePlus 3T OnePlus 3 OnePlus 2 OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details lenient updater-script in the OnePlus OTAs which does not check that the current version is lower than or equal to the given image’s see below the 4.0.0...

4.3CVSS6.4AI score0.0076EPSS
Exploits3
seebug.org
seebug.org
added 2017/05/12 12:0 a.m.72 views

OnePlus OTA Lack of TLS Vulnerability(CVE-2016-10370)

Summary The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as...

5CVSS6.4AI score0.01146EPSS
Exploits8
Prion
Prion
added 2017/05/11 6:29 p.m.15 views

Design/Logic Flaw

An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote...

5CVSS7.6AI score0.01146EPSS
Exploits8References3
Cvelist
Cvelist
added 2017/05/11 6:0 p.m.22 views

CVE-2016-10370

An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote...

6.4AI score0.01146EPSS
Exploits4References3
CVE
CVE
added 2017/05/11 6:0 p.m.64 views

CVE-2017-5948

CVE-2017-5948 is a downgrade-attack vulnerability in OnePlus OxygenOS and HydrogenOS OTA updates. The root cause is a lenient updater-script in OTAs for OnePlus One, X, 2, 3, and 3T that does not enforce that the current version is

5.9CVSS5.8AI score0.0076EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2017/05/11 6:0 p.m.61 views

CVE-2016-10370

An issue linked to CVE-2016-10370 affects OnePlus OTA updaters on devices such as OnePlus 3/3T: the OTA image is delivered over HTTP without TLS, increasing the attack surface and enabling potential exploitation of other vulnerabilities (CVE-2017-5948, CVE-2017-8850, CVE-2017-8851). The root caus...

7.5CVSS6.2AI score0.01146EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder