149 matches found
CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
CVE-2017-5623
Technical details specific to CVE-2017-5623 are not provided in the connected documents. The materials discuss related CVEs and general context. Monitor for updates.
OxygenOS Elevation of Privilege Vulnerability
The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system it comes with. An elevation of privilege vulnerability exists in OxygenOS versions prior to 4.0.3. The vulnerability can be exploited by an attacker to execute arbitrary code and...
OxygenOS Code Execution Vulnerability
The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system it comes with. A code execution vulnerability exists in OxygenOS versions prior to 4.0.2. On the OnePlus 3 and 3T, two hidden fastbootoem commands 4F500301 and 4F500302 allow an...
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...
Privilege escalation
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5624
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...
CVE-2017-5624
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5624
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...
CVE-2017-5626
CVE-2017-5626 affects OnePlus OnePlus 3/3T with OxygenOS before 4.0.2. The vulnerability hinges on two hidden fastboot oem commands (4F500301 and 4F500302) that bypass the bootloader lock, ignore OEM Unlocking, and do not require user confirmation or data erasure. Exploitation was demonstrated by...
CVE-2017-5624
CVE-2017-5624 affects OnePlus 3/3T OxygenOS before 4.0.3, where the attacker can bypass dm-verity by issuing fastboot oem disable_dm_verity, causing the kernel to verify no partitions and enabling persistent code execution and privilege escalation. Public writeups describe a chain with CVE-2017-5...
Get a locked OnePlus 3/3T: boot loader vulnerability-vulnerability warning-the black bar safety net
In this article, I disclosed the OnePlus 3/3T boot loader in the two holes. The first CVE-2017-5626 is the impact of OxygenOS 3.2-4.0.1(4.0.2 to patch high-risk vulnerabilities. The vulnerability allows a physical opponent or use ADB/ FASTBOOT access to bypass the bootloader lock state, even if t...
OnePlus 3/3T: Bootloader disable dm-verity Vulnerability (CVE-2017-5624)
CVE-2017-5624, affecting all versions of OxygenOS to date, allows the attacker to disable dm-verity. The combination of the vulnerabilities enables a powerful attack – persistent highly privileged code execution without any warning to the user and with access to the original user’s data after the...
OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)
Bypassing the Bootloader’s Lock CVE-2017-5626 OnePlus 3 & 3T running OxygenOS 3.2 - 4.0.1 had two proprietary fastboot oem commands: 1. fastboot oem 4F500301 – bypasses the bootloader’s lock – allowing one with fastboot access to effectively unlock the device, disregarding OEM Unlocking, without...
OnePlus 3 and 3T Denial of Service Vulnerability
OnePlus 3 and 3T are two smartphones from OnePlus Technologies. A denial of service vulnerability exists in the OnePlus 3 and 3T. A remote attacker can exploit the vulnerability to reboot the device and cause a denial of service...
CVE-2017-5554
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...