Lucene search
+L

149 matches found

osv
osv
added 2017/03/19 8:59 p.m.2 views

CVE-2017-5623

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...

6.6CVSS5.8AI score0.00374EPSS
Exploits3References2
nvd
nvd
added 2017/03/19 8:59 p.m.21 views

CVE-2017-5623

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...

7.2CVSS6.4AI score0.00374EPSS
Exploits3References2
cvelist
cvelist
added 2017/03/19 8:0 p.m.24 views

CVE-2017-5623

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...

6.4AI score0.00374EPSS
Exploits3References2
cve
cve
added 2017/03/19 8:0 p.m.90 views

CVE-2017-5623

Technical details specific to CVE-2017-5623 are not provided in the connected documents. The materials discuss related CVEs and general context. Monitor for updates.

7.2CVSS6.3AI score0.00374EPSS
Exploits3References2Affected Software1
cnvd
cnvd
added 2017/03/13 12:0 a.m.8 views

OxygenOS Elevation of Privilege Vulnerability

The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system it comes with. An elevation of privilege vulnerability exists in OxygenOS versions prior to 4.0.3. The vulnerability can be exploited by an attacker to execute arbitrary code and...

10CVSS8.1AI score0.02673EPSS
Exploits3References1
cnvd
cnvd
added 2017/03/13 12:0 a.m.5 views

OxygenOS Code Execution Vulnerability

The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system it comes with. A code execution vulnerability exists in OxygenOS versions prior to 4.0.2. On the OnePlus 3 and 3T, two hidden fastbootoem commands 4F500301 and 4F500302 allow an...

10CVSS7.6AI score0.0282EPSS
Exploits3References1
nvd
nvd
added 2017/03/12 5:59 a.m.30 views

CVE-2017-5626

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...

10CVSS9.7AI score0.0282EPSS
Exploits3References1
prion
prion
added 2017/03/12 5:59 a.m.35 views

Privilege escalation

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

10CVSS9.4AI score0.02673EPSS
Exploits3References1Affected Software1
nvd
nvd
added 2017/03/12 5:59 a.m.29 views

CVE-2017-5624

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

10CVSS9.5AI score0.02673EPSS
Exploits3References1
osv
osv
added 2017/03/12 5:59 a.m.8 views

CVE-2017-5626

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...

9.8CVSS6.2AI score0.0282EPSS
Exploits3References1
osv
osv
added 2017/03/12 5:59 a.m.4 views

CVE-2017-5624

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

9.8CVSS6.2AI score
Exploits0References1
cvelist
cvelist
added 2017/03/12 4:57 a.m.30 views

CVE-2017-5624

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

9.5AI score0.02673EPSS
Exploits3References1
cvelist
cvelist
added 2017/03/12 4:57 a.m.34 views

CVE-2017-5626

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...

9.7AI score0.0282EPSS
Exploits3References1
cve
cve
added 2017/03/12 4:57 a.m.80 views

CVE-2017-5626

CVE-2017-5626 affects OnePlus OnePlus 3/3T with OxygenOS before 4.0.2. The vulnerability hinges on two hidden fastboot oem commands (4F500301 and 4F500302) that bypass the bootloader lock, ignore OEM Unlocking, and do not require user confirmation or data erasure. Exploitation was demonstrated by...

10CVSS9.6AI score0.0282EPSS
Exploits3References1Affected Software1
cve
cve
added 2017/03/12 4:57 a.m.72 views

CVE-2017-5624

CVE-2017-5624 affects OnePlus 3/3T OxygenOS before 4.0.3, where the attacker can bypass dm-verity by issuing fastboot oem disable_dm_verity, causing the kernel to verify no partitions and enabling persistent code execution and privilege escalation. Public writeups describe a chain with CVE-2017-5...

10CVSS9.4AI score0.02673EPSS
Exploits3References1Affected Software1
myhack58
myhack58
added 2017/02/13 12:0 a.m.173 views

Get a locked OnePlus 3/3T: boot loader vulnerability-vulnerability warning-the black bar safety net

In this article, I disclosed the OnePlus 3/3T boot loader in the two holes. The first CVE-2017-5626 is the impact of OxygenOS 3.2-4.0.1(4.0.2 to patch high-risk vulnerabilities. The vulnerability allows a physical opponent or use ADB/ FASTBOOT access to bypass the bootloader lock state, even if t...

9.6AI score0.0282EPSS
Exploits5
seebug
seebug
added 2017/02/10 12:0 a.m.86 views

OnePlus 3/3T: Bootloader disable dm-verity Vulnerability (CVE-2017-5624)

CVE-2017-5624, affecting all versions of OxygenOS to date, allows the attacker to disable dm-verity. The combination of the vulnerabilities enables a powerful attack – persistent highly privileged code execution without any warning to the user and with access to the original user’s data after the...

10CVSS9.5AI score0.02673EPSS
Exploits3
seebug
seebug
added 2017/02/10 12:0 a.m.128 views

OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)

Bypassing the Bootloader’s Lock CVE-2017-5626 OnePlus 3 & 3T running OxygenOS 3.2 - 4.0.1 had two proprietary fastboot oem commands: 1. fastboot oem 4F500301 – bypasses the bootloader’s lock – allowing one with fastboot access to effectively unlock the device, disregarding OEM Unlocking, without...

10CVSS9.4AI score0.0282EPSS
Exploits3
cnvd
cnvd
added 2017/01/25 12:0 a.m.6 views

OnePlus 3 and 3T Denial of Service Vulnerability

OnePlus 3 and 3T are two smartphones from OnePlus Technologies. A denial of service vulnerability exists in the OnePlus 3 and 3T. A remote attacker can exploit the vulnerability to reboot the device and cause a denial of service...

9.3CVSS6.8AI score0.02997EPSS
Exploits1References1
nvd
nvd
added 2017/01/23 7:59 a.m.26 views

CVE-2017-5554

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...

9.3CVSS7.8AI score0.02997EPSS
Exploits1References3
Rows per page
Query Builder