Unspecified Vulnerability in OxygenOS and HydrogenOS OTAs for Multiple OnePlus Products

OnePlus One and others are smartphones from China's OnePlus Technology OnePlus.OxygenOS and HydrogenOS are both operating systems that come with them.HydrogenOS OTAs is a system update application in HydrogenOS. A security vulnerability exists in OxygenOS and HydrogenOS OTAs in multiple OnePlus...

OnePlus OTA OxygenOS/HydrogenOS Crossover Vulnerability(CVE-2017-8850)

Products OnePlus 3T OnePlus 3 OnePlus 2 OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details Due to lenient updater-script in the OnePlus OTA images see below, and the fact both ROMs use the same OTA verification keys, attackers can install HydrogenOS...

OnePlus OTA Downgrade Vulnerability(CVE-2017-5948)

Products OnePlus 3T OnePlus 3 OnePlus 2 OnePlus X OnePlus One Vulnerable Version All OnePlus OxygenOS & HydrogenOS OTAs Technical Details lenient updater-script in the OnePlus OTAs which does not check that the current version is lower than or equal to the given image’s see below the 4.0.0...

Design/Logic Flaw

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on...

CVE-2017-5948

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on...

CVE-2017-5948

CVE-2017-5948 is a downgrade-attack vulnerability in OnePlus OxygenOS and HydrogenOS OTA updates. The root cause is a lenient updater-script in OTAs for OnePlus One, X, 2, 3, and 3T that does not enforce that the current version is