Lucene search
K

5 matches found

seebug.org
seebug.org
added 2017/05/12 12:0 a.m.37 views

OnePlus OTA OxygenOS/HydrogenOS Crossover Vulnerability(CVE-2017-8850)

Products OnePlus 3T OnePlus 3 OnePlus 2 OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details Due to lenient updater-script in the OnePlus OTA images see below, and the fact both ROMs use the same OTA verification keys, attackers can install HydrogenOS...

5CVSS6.1AI score0.01146EPSS
Exploits5
seebug.org
seebug.org
added 2017/05/12 12:0 a.m.72 views

OnePlus OTA Lack of TLS Vulnerability(CVE-2016-10370)

Summary The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as...

5CVSS6.4AI score0.01146EPSS
Exploits8
Prion
Prion
added 2017/05/11 6:29 p.m.15 views

Design/Logic Flaw

An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote...

5CVSS7.6AI score0.01146EPSS
Exploits8References3
Cvelist
Cvelist
added 2017/05/11 6:0 p.m.22 views

CVE-2016-10370

An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs due to the digital signature, it unnecessarily increases the attack surface, and allows for remote...

6.4AI score0.01146EPSS
Exploits4References3
CVE
CVE
added 2017/05/11 6:0 p.m.61 views

CVE-2016-10370

An issue linked to CVE-2016-10370 affects OnePlus OTA updaters on devices such as OnePlus 3/3T: the OTA image is delivered over HTTP without TLS, increasing the attack surface and enabling potential exploitation of other vulnerabilities (CVE-2017-5948, CVE-2017-8850, CVE-2017-8851). The root caus...

7.5CVSS6.2AI score0.01146EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder