Lucene search
K
OneplusOxygenos

11 matches found

CVE
CVE
added 2017/03/19 8:0 p.m.90 views

CVE-2017-5623

Technical details specific to CVE-2017-5623 are not provided in the connected documents. The materials discuss related CVEs and general context. Monitor for updates.

7.2CVSS6.3AI score0.00374EPSS
CVE
CVE
added 2017/03/12 4:57 a.m.80 views

CVE-2017-5626

CVE-2017-5626 affects OnePlus OnePlus 3/3T with OxygenOS before 4.0.2. The vulnerability hinges on two hidden fastboot oem commands (4F500301 and 4F500302) that bypass the bootloader lock, ignore OEM Unlocking, and do not require user confirmation or data erasure. Exploitation was demonstrated by...

10CVSS9.6AI score0.0282EPSS
CVE
CVE
added 2017/03/12 4:57 a.m.72 views

CVE-2017-5624

CVE-2017-5624 affects OnePlus 3/3T OxygenOS before 4.0.3, where the attacker can bypass dm-verity by issuing fastboot oem disable_dm_verity, causing the kernel to verify no partitions and enabling persistent code execution and privilege escalation. Public writeups describe a chain with CVE-2017-5...

10CVSS9.4AI score0.02673EPSS
CVE
CVE
added 2017/03/26 8:0 p.m.66 views

CVE-2017-5622

CVE-2017-5622 (OnePlus 3/3T, OxygenOS prior to 4.0.3) describes a vulnerability where a charger connected to a powered‑off device enables adbd, allowing an attacker to open an ADB session without user authorization. The linked sources explain that OnePlus customized adbd to bypass ADB authorizati...

5.9CVSS5.6AI score0.00306EPSS
Web
CVE
CVE
added 2017/05/11 6:0 p.m.64 views

CVE-2017-5948

CVE-2017-5948 is a downgrade-attack vulnerability in OnePlus OxygenOS and HydrogenOS OTA updates. The root cause is a lenient updater-script in OTAs for OnePlus One, X, 2, 3, and 3T that does not enforce that the current version is

5.9CVSS5.8AI score0.0076EPSS
CVE
CVE
added 2017/05/11 6:0 p.m.62 views

CVE-2016-10370

An issue linked to CVE-2016-10370 affects OnePlus OTA updaters on devices such as OnePlus 3/3T: the OTA image is delivered over HTTP without TLS, increasing the attack surface and enabling potential exploitation of other vulnerabilities (CVE-2017-5948, CVE-2017-8850, CVE-2017-8851). The root caus...

7.5CVSS6.2AI score0.01146EPSS
CVE
CVE
added 2017/05/11 6:0 p.m.59 views

CVE-2017-8850

CVE-2017-8850 covers OnePlus OTA downgrade/crossover vulnerabilities caused by lenient updater-scripts and shared OTA keys across OxygenOS and HydrogenOS, enabling cross-flash of OTAs and MiTM abuse of the update channel. The issue affects OnePlus devices including OnePlus One, X, 2, 3, and 3T, w...

5.9CVSS5.8AI score0.0043EPSS
CVE
CVE
added 2017/05/11 6:0 p.m.56 views

CVE-2017-8851

CVE-2017-8851 affects OnePlus One and OnePlus X. A lenient updater-script, shared OTA verification keys, and identical ro.build.product allow cross-flashing of OTAs between products, even with locked bootloaders. This enables MiTM targets of the update process and, since updates are not over TLS ...

5.9CVSS5.8AI score0.00453EPSS
CVE
CVE
added 2017/01/23 6:49 a.m.53 views

CVE-2017-5554

The CVE covers OnePlus 3/3T devices running OxygenOS before 4.0.2. A physical attacker can boot into fastboot without authentication by pressing Volume Up during boot and using adb reboot bootloader. Once in fastboot, the attacker can issue fastboot oem selinux permissive to set SELinux to Permis...

9.3CVSS7.7AI score0.02997EPSS
CVE
CVE
added 2017/04/25 4:0 p.m.53 views

CVE-2017-5625

The CVE affects OnePlus 3/3T devices running OxygenOS before 4.0.3. A compromised fastboot interface can allow an unauthorized attacker with physical access and bootloader that is locked to partially dump ciphertext content from arbitrary partitions (excluding keystore) via fastboot oem dump . Th...

4.6CVSS4.8AI score0.00335EPSS
CVE
CVE
added 2018/03/29 6:0 p.m.49 views

CVE-2017-5947

The CVE-2017-5947 issue affects OnePlus devices (OnePlus One, X, 2, 3, 3T, 5) running OxygenOS 5.0 and earlier. The root cause is the ability to force a reboot into Qualcomm Emergency Download (EDL) mode via ADB or Volume-Up when USB is connected, which can enable downgrading critical partitions ...

6.8CVSS6.5AI score0.00352EPSS