40 vulnerabilities found for OxygenOS by OnePlus
CVE-2025-10184 (GCVE-0-2025-10184)
Vulnerability from cvelistv5 – Published: 2025-09-23 13:02 – Updated: 2025-09-23 13:26
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:26:53.144445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:26:55.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OxygenOS",
"vendor": "OnePlus",
"versions": [
{
"status": "unaffected",
"version": "11.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "12.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "13.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "14.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "15.*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-09-23T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \u003cbr\u003e\u003cbr\u003eThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u0026nbsp;update method of those providers."
}
],
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \n\nThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u00a0update method of those providers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:02:47.366Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OnePlus OxygenOS Telephony provider permission bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10184",
"datePublished": "2025-09-23T13:02:47.366Z",
"dateReserved": "2025-09-09T14:58:29.247Z",
"dateUpdated": "2025-09-23T13:26:55.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5947 (GCVE-0-2017-5947)
Vulnerability from cvelistv5 – Published: 2018-03-29 18:00 – Updated: 2024-08-05 15:18- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017007",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5947",
"datePublished": "2018-03-29T18:00:00",
"dateReserved": "2017-02-09T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8851 (GCVE-0-2017-8851)
Vulnerability from cvelistv5 – Published: 2017-05-11 18:00 – Updated: 2024-08-05 16:48- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same \u0027ro.build.product\u0027 system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same \u0027ro.build.product\u0027 system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017021",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8851",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-05-08T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10370 (GCVE-0-2016-10370)
Vulnerability from cvelistv5 – Published: 2017-05-11 18:00 – Updated: 2024-08-06 03:21- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98495"
},
{
"name": "https://alephsecurity.com/vulns/aleph-2017022",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"name": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/",
"refsource": "MISC",
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10370",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-05-08T00:00:00",
"dateUpdated": "2024-08-06T03:21:51.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8850 (GCVE-0-2017-8850)
Vulnerability from cvelistv5 – Published: 2017-05-11 18:00 – Updated: 2024-08-05 16:48- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017020",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8850",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-05-08T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5948 (GCVE-0-2017-5948)
Vulnerability from cvelistv5 – Published: 2017-05-11 18:00 – Updated: 2024-08-05 15:18- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient \u0027updater-script\u0027 in OTAs that does not check that the current version is lower than or equal to the given image\u0027s. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient \u0027updater-script\u0027 in OTAs that does not check that the current version is lower than or equal to the given image\u0027s. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017008",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5948",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-02-09T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5625 (GCVE-0-2017-5625)
Vulnerability from cvelistv5 – Published: 2017-04-25 16:00 – Updated: 2024-08-05 15:04- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except \u0027keystore\u0027) by issuing the \u0027fastboot oem dump \u003cpartition\u003e\u0027 fastboot command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except \u0027keystore\u0027) by issuing the \u0027fastboot oem dump \u003cpartition\u003e\u0027 fastboot command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017006",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5625",
"datePublished": "2017-04-25T16:00:00",
"dateReserved": "2017-01-29T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5622 (GCVE-0-2017-5622)
Vulnerability from cvelistv5 – Published: 2017-03-26 20:00 – Updated: 2024-08-05 15:04- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name": "97092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name": "97092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017004",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name": "97092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5622",
"datePublished": "2017-03-26T20:00:00",
"dateReserved": "2017-01-29T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5623 (GCVE-0-2017-5623)
Vulnerability from cvelistv5 – Published: 2017-03-19 20:00 – Updated: 2024-08-05 15:04- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017005"
},
{
"name": "97048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the \u0027fastboot oem boot_mode {rf/wlan/ftm/normal} command\u0027 in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-24T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017005"
},
{
"name": "97048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the \u0027fastboot oem boot_mode {rf/wlan/ftm/normal} command\u0027 in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017005",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017005"
},
{
"name": "97048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5623",
"datePublished": "2017-03-19T20:00:00",
"dateReserved": "2017-01-29T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10184 (GCVE-0-2025-10184)
Vulnerability from nvd – Published: 2025-09-23 13:02 – Updated: 2025-09-23 13:26
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:26:53.144445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:26:55.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OxygenOS",
"vendor": "OnePlus",
"versions": [
{
"status": "unaffected",
"version": "11.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "12.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "13.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "14.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "15.*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-09-23T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \u003cbr\u003e\u003cbr\u003eThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u0026nbsp;update method of those providers."
}
],
"value": "The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. \n\nThe root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the\u00a0update method of those providers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:02:47.366Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/"
},
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/bltd4b7439a28b6c866/68d168a6930d015d43a6b588/CVE-2025-10184_PoC.zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OnePlus OxygenOS Telephony provider permission bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10184",
"datePublished": "2025-09-23T13:02:47.366Z",
"dateReserved": "2025-09-09T14:58:29.247Z",
"dateUpdated": "2025-09-23T13:26:55.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5947 (GCVE-0-2017-5947)
Vulnerability from nvd – Published: 2018-03-29 18:00 – Updated: 2024-08-05 15:18
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017007",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5947",
"datePublished": "2018-03-29T18:00:00",
"dateReserved": "2017-02-09T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8851 (GCVE-0-2017-8851)
Vulnerability from nvd – Published: 2017-05-11 18:00 – Updated: 2024-08-05 16:48
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same \u0027ro.build.product\u0027 system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same \u0027ro.build.product\u0027 system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017021",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8851",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-05-08T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10370 (GCVE-0-2016-10370)
Vulnerability from nvd – Published: 2017-05-11 18:00 – Updated: 2024-08-06 03:21
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98495"
},
{
"name": "https://alephsecurity.com/vulns/aleph-2017022",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"name": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/",
"refsource": "MISC",
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10370",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-05-08T00:00:00",
"dateUpdated": "2024-08-06T03:21:51.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8850 (GCVE-0-2017-8850)
Vulnerability from nvd – Published: 2017-05-11 18:00 – Updated: 2024-08-05 16:48
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017020",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8850",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-05-08T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5948 (GCVE-0-2017-5948)
Vulnerability from nvd – Published: 2017-05-11 18:00 – Updated: 2024-08-05 15:18
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient \u0027updater-script\u0027 in OTAs that does not check that the current version is lower than or equal to the given image\u0027s. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient \u0027updater-script\u0027 in OTAs that does not check that the current version is lower than or equal to the given image\u0027s. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017008",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5948",
"datePublished": "2017-05-11T18:00:00",
"dateReserved": "2017-02-09T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5625 (GCVE-0-2017-5625)
Vulnerability from nvd – Published: 2017-04-25 16:00 – Updated: 2024-08-05 15:04
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except \u0027keystore\u0027) by issuing the \u0027fastboot oem dump \u003cpartition\u003e\u0027 fastboot command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except \u0027keystore\u0027) by issuing the \u0027fastboot oem dump \u003cpartition\u003e\u0027 fastboot command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017006",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5625",
"datePublished": "2017-04-25T16:00:00",
"dateReserved": "2017-01-29T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5622 (GCVE-0-2017-5622)
Vulnerability from nvd – Published: 2017-03-26 20:00 – Updated: 2024-08-05 15:04
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name": "97092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name": "97092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alephsecurity.com/vulns/aleph-2017004",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"name": "97092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5622",
"datePublished": "2017-03-26T20:00:00",
"dateReserved": "2017-01-29T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201703-0732
Vulnerability from variot - Updated: 2023-12-26 23:15
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. OxygenOS contains an access control vulnerability. Information may be obtained and information may be altered. OnePlus 3 and 3T are smartphones made by OnePlus. OxygenOS is the company's own operating system. There is a security bypass vulnerability in OxygenOS on the OnePlus 3 and 3T. OnePlus OxygenOS is prone to a local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed attempts may lead to denial-of-service conditions. Versions prior to OnePlus OxygenOS 4.0.3 are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0732",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oxygenos",
"scope": "lt",
"trust": 1.4,
"vendor": "oneplus",
"version": "4.0.3"
},
{
"model": "3t",
"scope": null,
"trust": 1.1,
"vendor": "oneplus",
"version": null
},
{
"model": "oxygenos",
"scope": "lte",
"trust": 1.0,
"vendor": "oneplus",
"version": "4.0.2"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.9,
"vendor": "oneplus",
"version": "4.0.2"
},
{
"model": "3",
"scope": null,
"trust": 0.8,
"vendor": "oneplus",
"version": null
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.1"
},
{
"model": "oneplus",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "3"
},
{
"model": "oxygenos",
"scope": "ne",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"db": "BID",
"id": "97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roee Hay (@roeehay) of Aleph Research, HCL Technologies.",
"sources": [
{
"db": "BID",
"id": "97092"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5622",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5622",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-05363",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5622",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5622",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-05363",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-5622",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"db": "VULMON",
"id": "CVE-2017-5622"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. OxygenOS Contains an access control vulnerability.Information may be obtained and information may be altered. OnePlus3 and 3T are the smartphones of OnePlus. OxygenOS is its own operating system. There is a security bypass vulnerability in OxygenOS in OnePlus3 and 3T. OnePlus OxygenOS is prone to a local code-execution vulnerability. \nA local attacker can leverage this issue to execute arbitrary code in the context of affected application. Failed attempts may lead to denial-of-service conditions. \nVersions prior to OnePlus OxygenOS 4.0.3 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"db": "BID",
"id": "97092"
},
{
"db": "VULMON",
"id": "CVE-2017-5622"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5622",
"trust": 3.4
},
{
"db": "BID",
"id": "97092",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-05363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-5622",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"db": "VULMON",
"id": "CVE-2017-5622"
},
{
"db": "BID",
"id": "97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"id": "VAR-201703-0732",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
}
]
},
"last_update_date": "2023-12-26T23:15:59.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://oneplus.net/"
},
{
"title": "OnePlus3 and 3TOxygenOS security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/92318"
},
{
"title": "OnePlus 3 and 3T OxygenOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68756"
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"db": "VULMON",
"id": "CVE-2017-5622"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "NVD",
"id": "CVE-2017-5622"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/97092"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5622"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5622"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/97092/info"
},
{
"trust": 0.3,
"url": "https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/"
},
{
"trust": 0.3,
"url": "https://forums.oneplus.net/threads/oxygenos-4-0-3-n-ota-for-oneplus-3.497080/"
},
{
"trust": 0.3,
"url": "https://oneplusstore.in/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice"
},
{
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"db": "VULMON",
"id": "CVE-2017-5622"
},
{
"db": "BID",
"id": "97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"db": "VULMON",
"id": "CVE-2017-5622"
},
{
"db": "BID",
"id": "97092"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"date": "2017-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5622"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "97092"
},
{
"date": "2017-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"date": "2017-03-26T20:59:00.160000",
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"date": "2017-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05363"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5622"
},
{
"date": "2017-03-29T00:02:00",
"db": "BID",
"id": "97092"
},
{
"date": "2017-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002681"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5622"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97092"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OxygenOS Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002681"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1094"
}
],
"trust": 0.6
}
}
VAR-201705-3184
Vulnerability from variot - Updated: 2023-12-26 23:12
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off). OnePlus One, X, 2, 3, and 3T devices contain an access control vulnerability. The OnePlus One and the others are all smartphones from China's OnePlus. OxygenOS and HydrogenOS are its own operating systems. HydrogenOS OTAs is a system update application in HydrogenOS. There are security vulnerabilities in OxygenOS and HydrogenOS OTAs in several OnePlus products. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This issue affects OnePlus devices running OxygenOS 4.1.3 and prior or HydrogenOS 3.0 and prior.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oxygenos",
"scope": null,
"trust": 2.0,
"vendor": "oneplus",
"version": null
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 1.0,
"vendor": "oneplus",
"version": "*"
},
{
"model": "hydrogenos otas",
"scope": null,
"trust": 0.6,
"vendor": "oneplus",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "x0"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.1.3"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.1.1"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.1"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.3"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.2"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.1"
},
{
"model": "one",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "0"
},
{
"model": "hydrogenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "3.0"
},
{
"model": "3t",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "30"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"db": "BID",
"id": "98500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_one:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5948"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roee Hay of Aleph Research, HCL Technologies",
"sources": [
{
"db": "BID",
"id": "98500"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5948",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-5948",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-06955",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-5948",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5948",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-06955",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-635",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-5948",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"db": "VULMON",
"id": "CVE-2017-5948"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient \u0027updater-script\u0027 in OTAs that does not check that the current version is lower than or equal to the given image\u0027s. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off). OnePlus One , X , 2 , 3 ,and 3T The device contains an access control vulnerability. OnePlusOne and others are all smartphones from China OnePlus. OxygenOS and HydrogenOS are their own operating systems. HydrogenOSOTAs is a system update application in HydrogenOS. There are security vulnerabilities in OxygenOS and HydrogenOSOTAs in several OnePlus products. \nSuccessfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. \nThis issue affects OnePlus devices running OxygenOS 4.1.3 and prior or HydrogenOS 3.0 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"db": "BID",
"id": "98500"
},
{
"db": "VULMON",
"id": "CVE-2017-5948"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5948",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-06955",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-635",
"trust": 0.6
},
{
"db": "BID",
"id": "98500",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-5948",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"db": "VULMON",
"id": "CVE-2017-5948"
},
{
"db": "BID",
"id": "98500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
]
},
"id": "VAR-201705-3184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06955"
}
],
"trust": 0.825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06955"
}
]
},
"last_update_date": "2023-12-26T23:12:47.193000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://oneplus.net/"
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5948"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"db": "NVD",
"id": "CVE-2017-5948"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://alephsecurity.com/vulns/aleph-2017008"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5948"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5948"
},
{
"trust": 0.3,
"url": "https://oneplus.net/"
},
{
"trust": 0.3,
"url": "https://alephsecurity.com/2017/05/11/oneplus-ota/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98500"
},
{
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice"
},
{
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"db": "VULMON",
"id": "CVE-2017-5948"
},
{
"db": "BID",
"id": "98500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"db": "VULMON",
"id": "CVE-2017-5948"
},
{
"db": "BID",
"id": "98500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5948"
},
{
"date": "2017-05-11T00:00:00",
"db": "BID",
"id": "98500"
},
{
"date": "2017-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"date": "2017-05-11T18:29:00.220000",
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"date": "2017-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06955"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5948"
},
{
"date": "2017-05-11T00:00:00",
"db": "BID",
"id": "98500"
},
{
"date": "2017-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004054"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5948"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural OnePlus One Device access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-635"
}
],
"trust": 0.6
}
}
VAR-201701-0738
Vulnerability from variot - Updated: 2023-12-18 13:53
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, whereas an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive. OnePlus 3 and 3T are two smartphones from the company. OnePlus 3 and 3T have a denial-of-service vulnerability. A remote attacker could exploit the vulnerability to restart the device, causing a denial of service. OnePlus 3 and 3T is prone to a local denial-of-service vulnerability. (The aggregated source statements differ on whether the attack is remote or local; the steps described above need physical access to the device or ADB access.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0738",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3t",
"scope": null,
"trust": 1.7,
"vendor": "oneplus",
"version": null
},
{
"model": "oxygenos",
"scope": "lte",
"trust": 1.0,
"vendor": "oneplus",
"version": "3.5.4"
},
{
"model": "oxygenos",
"scope": "lte",
"trust": 1.0,
"vendor": "oneplus",
"version": "3.2.8"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.9,
"vendor": "oneplus",
"version": "4.0.1"
},
{
"model": "oneplus",
"scope": "eq",
"trust": 0.9,
"vendor": "oneplus",
"version": "3"
},
{
"model": "3",
"scope": null,
"trust": 0.8,
"vendor": "oneplus",
"version": null
},
{
"model": "oxygenos",
"scope": "lt",
"trust": 0.8,
"vendor": "oneplus",
"version": "4.0.2"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.6,
"vendor": "oneplus",
"version": "3.2.8"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.6,
"vendor": "oneplus",
"version": "3.5.4"
},
{
"model": "oxygenos",
"scope": "ne",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"db": "BID",
"id": "95706"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roee Hay of the IBM X-Force Application Security Research Team.",
"sources": [
{
"db": "BID",
"id": "95706"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5554",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-01097",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5554",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5554",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01097",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-863",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the \"Volume Up\" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform\u0027s SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive. OnePlus3and3T is one of the two smart phones from the company. OnePlus3and3T has a denial of service vulnerability. A remote attacker could exploit the vulnerability to restart the device, causing a denial of service. OnePlus 3 and 3T is prone to a local denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"db": "BID",
"id": "95706"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5554",
"trust": 3.3
},
{
"db": "BID",
"id": "95706",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-01097",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201701-863",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"db": "BID",
"id": "95706"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"id": "VAR-201701-0738",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
}
]
},
"last_update_date": "2023-12-18T13:53:09.168000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://oneplus.net/"
},
{
"title": "Patch for OnePlus3and3T Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/88796"
},
{
"title": "OnePlus 3 and 3T OxygenOS Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67386"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "NVD",
"id": "CVE-2017-5554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/95706"
},
{
"trust": 1.9,
"url": "https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5554"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5554"
},
{
"trust": 0.3,
"url": "https://oneplusstore.in/"
},
{
"trust": 0.3,
"url": "https://exchange.xforce.ibmcloud.com/collection/oneplus-3-fastboot-oem-selinux-permissive-vulnerability-d38d8557f1a01570539151c782d52aaf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"db": "BID",
"id": "95706"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"db": "BID",
"id": "95706"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"date": "2017-01-23T00:00:00",
"db": "BID",
"id": "95706"
},
{
"date": "2017-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"date": "2017-01-23T07:59:00.627000",
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"date": "2017-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01097"
},
{
"date": "2017-02-02T00:01:00",
"db": "BID",
"id": "95706"
},
{
"date": "2017-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001361"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5554"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OnePlus 3 and 3T of OxygenOS of ABOOT Without authentication in fastboot To reboot the device in mode",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-863"
}
],
"trust": 0.6
}
}
VAR-201704-0651
Vulnerability from variot - Updated: 2023-12-18 13:48
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command. OxygenOS running on OnePlus 3 and 3T devices contains a vulnerability related to NULL pointer dereference. Information may be obtained. OnePlus 3 and 3T are smartphones from OnePlus. OxygenOS is its own operating system. There are security vulnerabilities in versions of OxygenOS before 4.0.3 on OnePlus 3 and 3T devices. An unauthorized attacker could exploit the vulnerability to obtain sensitive information on the device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0651",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oxygenos",
"scope": "lt",
"trust": 1.4,
"vendor": "oneplus",
"version": "4.0.3"
},
{
"model": "oxygenos",
"scope": "lte",
"trust": 1.0,
"vendor": "oneplus",
"version": "4.0.2"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.6,
"vendor": "oneplus",
"version": "4.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5625"
}
]
},
"cve": "CVE-2017-5625",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5625",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-06819",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5625",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5625",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-06819",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1405",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except \u0027keystore\u0027) by issuing the \u0027fastboot oem dump \u003cpartition\u003e\u0027 fastboot command. OnePlus 3 and 3T Run on device OxygenOS Is NULL A vulnerability related to pointer dereference exists.Information may be obtained. OnePlus3 and 3T are the smartphones of OnePlus. OxygenOS is its own operating system. There are security vulnerabilities in versions of OxygenOS 4.0.3 on OnePlus3 and 3T devices. An unauthorized attacker could exploit the vulnerability to obtain sensitive information on the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "CNVD",
"id": "CNVD-2017-06819"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5625",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-06819",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1405",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"id": "VAR-201704-0651",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
}
]
},
"last_update_date": "2023-12-18T13:48:39.691000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://oneplus.net/"
},
{
"title": "Patch for OnePlus3 and 3TOxygenOS Security Bypass Vulnerability (CNVD-2017-06819)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/93811"
},
{
"title": "OnePlus 3 and 3T OxygenOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69659"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "NVD",
"id": "CVE-2017-5625"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://alephsecurity.com/vulns/aleph-2017006"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5625"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5625"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"date": "2017-04-25T16:59:00.230000",
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"date": "2017-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06819"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003605"
},
{
"date": "2017-05-05T17:37:41.113000",
"db": "NVD",
"id": "CVE-2017-5625"
},
{
"date": "2017-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OnePlus 3 and 3T Run on device OxygenOS In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003605"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1405"
}
],
"trust": 0.6
}
}
VAR-201703-0733
Vulnerability from variot - Updated: 2022-05-04 09:29
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal}' command, in contradiction to the threat model of Android, where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked. OxygenOS running on OnePlus 3 and 3T devices contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). OnePlus OxygenOS is prone to a local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Versions prior to OnePlus OxygenOS 4.1.0 are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0733",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oxygenos",
"scope": "lte",
"trust": 1.0,
"vendor": "oneplus",
"version": "4.0.3"
},
{
"model": "oxygenos",
"scope": "lt",
"trust": 0.8,
"vendor": "oneplus",
"version": "4.1.0"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.6,
"vendor": "oneplus",
"version": "4.0.3"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.2"
},
{
"model": "oxygenos",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.0.1"
},
{
"model": "3t",
"scope": null,
"trust": 0.3,
"vendor": "oneplus",
"version": null
},
{
"model": "oneplus",
"scope": "eq",
"trust": 0.3,
"vendor": "oneplus",
"version": "3"
},
{
"model": "oxygenos",
"scope": "ne",
"trust": 0.3,
"vendor": "oneplus",
"version": "4.1"
}
],
"sources": [
{
"db": "BID",
"id": "97048"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
},
{
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roee Hay (@roeehay) of Aleph Research, HCL Technologies",
"sources": [
{
"db": "BID",
"id": "97048"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5623",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5623",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5623",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5623",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-833",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
},
{
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the \u0027fastboot oem boot_mode {rf/wlan/ftm/normal} command\u0027 in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked. OnePlus 3 and 3T Run on device OxygenOS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. OnePlus OxygenOS is prone to a local security-bypass vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. \nVersions prior to OnePlus OxygenOS 4.1.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5623"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "BID",
"id": "97048"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5623",
"trust": 2.7
},
{
"db": "BID",
"id": "97048",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002501",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "97048"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
},
{
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"id": "VAR-201703-0733",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45833334
},
"last_update_date": "2022-05-04T09:29:41.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://oneplus.net/"
},
{
"title": "OnePlus 3 and 3T OxygenOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68628"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://alephsecurity.com/vulns/aleph-2017005"
},
{
"trust": 1.6,
"url": "https://www.securityfocus.com/bid/97048"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5623"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5623"
},
{
"trust": 0.3,
"url": "https://oneplus.net/"
}
],
"sources": [
{
"db": "BID",
"id": "97048"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
},
{
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "97048"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
},
{
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-17T00:00:00",
"db": "BID",
"id": "97048"
},
{
"date": "2017-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"date": "2017-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-833"
},
{
"date": "2017-03-19T20:59:00",
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-29T00:01:00",
"db": "BID",
"id": "97048"
},
{
"date": "2017-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002501"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-833"
},
{
"date": "2019-10-03T00:03:00",
"db": "NVD",
"id": "CVE-2017-5623"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97048"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OnePlus 3 and 3T Run on device OxygenOS Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002501"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-833"
}
],
"trust": 0.6
}
}
FKIE_CVE-2017-5947
Vulnerability from fkie_nvd - Published: 2018-03-29 18:29 - Updated: 2024-11-21 03:28

| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017007 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017007 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EE237-7537-4691-9B54-2287B47C1695",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "332B048C-6522-41A7-9DAB-834FBFCA3C00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B1891E-38B0-42C5-89D3-3DC12217F087",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F179266A-2A67-4A9D-89E6-B3CCE4430A68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8AD37A-7539-4F16-8AC2-2556035B0DE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A390FA-9B56-4645-991D-5E9CB16966B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos OnePlus One, X, 2, 3, 3T y 5 con OxygenOS 5.0 y anteriores. El atacante puede reiniciar el dispositivo en modo Qualcomm Emergency Download (EDL) mediante ADB o empleando la tecla de subir volumen al estar conectado a USB. Esto podr\u00eda permitir la degradaci\u00f3n de particiones como Android Bootloader."
}
],
"id": "CVE-2017-5947",
"lastModified": "2024-11-21T03:28:43.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-29T18:29:01.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-8850
Vulnerability from fkie_nvd - Published: 2017-05-11 18:29 - Updated: 2025-04-20 01:37

| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017020 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017020 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8189780A-EA20-4B96-A625-48D12948B3F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "332B048C-6522-41A7-9DAB-834FBFCA3C00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B1891E-38B0-42C5-89D3-3DC12217F087",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8AD37A-7539-4F16-8AC2-2556035B0DE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A390FA-9B56-4645-991D-5E9CB16966B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos OnePlus One, X, 2, 3 y 3T. Debido a un script de actualizaci\u00f3n en las im\u00e1genes OTA de OnePlus, y el hecho de que ambas ROM utilicen las mismas claves de verificaci\u00f3n OTA, los atacantes pueden instalar HydrogenOS sobre OxygenOS y viceversa, incluso en cargadores de arranque bloqueados, lo que permite la explotaci\u00f3n de vulnerabilidades parcheadas en una imagen pero no en la otra, adem\u00e1s de la expansi\u00f3n de la superficie de ataque. Esta vulnerabilidad puede ser explotada por atacantes Man-in-the-Middle (MiTM) que apuntan al proceso de actualizaci\u00f3n. Esto es posible porque la transacci\u00f3n de actualizaci\u00f3n no se produce sobre TLS (CVE-2016-10370). Adem\u00e1s, los atacantes f\u00edsicos pueden reiniciar el tel\u00e9fono en la recuperaci\u00f3n y, a continuaci\u00f3n, utilizar \u0027adb sideload\u0027 en la OTA (en OnePlus 3/3T \u0027Secure Start-up\u0027 debe estar apagado)."
}
],
"id": "CVE-2017-8850",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-11T18:29:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017020"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5948
Vulnerability from fkie_nvd - Published: 2017-05-11 18:29 - Updated: 2025-04-20 01:37

| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017008 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017008 | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8189780A-EA20-4B96-A625-48D12948B3F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "332B048C-6522-41A7-9DAB-834FBFCA3C00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B1891E-38B0-42C5-89D3-3DC12217F087",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8AD37A-7539-4F16-8AC2-2556035B0DE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A390FA-9B56-4645-991D-5E9CB16966B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient \u0027updater-script\u0027 in OTAs that does not check that the current version is lower than or equal to the given image\u0027s. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA (on OnePlus 3/3T \u0027Secure Start-up\u0027 must be off)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos OnePlus versiones One, X, 2, 3 y 3T. OxygenOS e HydrogenOS son vulnerables a ataques de degradaci\u00f3n. Esto se debe a un \"updater-script\" indulgente en OTAs que no comprueba que la versi\u00f3n actual sea inferior o igual a la de la imagen en cuesti\u00f3n. Las degradaciones pueden ocurrir incluso en cargadores de arranque bloqueados y sin activar un restablecimiento de f\u00e1brica, permitiendo la explotaci\u00f3n de las vulnerabilidades ahora parcheadas con acceso a los datos del usuario. Esta vulnerabilidad puede ser explotada por un atacante de tipo Man-in-the-Middle (MiTM) que se dirija al proceso de actualizaci\u00f3n. Esto es posible porque la transacci\u00f3n de actualizaci\u00f3n no se realiza por medio de TLS (CVE-2016-10370). Adicionalmente, un atacante f\u00edsico puede reiniciar el tel\u00e9fono en la recuperaci\u00f3n y luego usar \"adb sideload\" para empujar la OTA (en OnePlus 3/3T \"Secure Start-up\" debe estar desactivado)."
}
],
"id": "CVE-2017-5948",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-11T18:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017008"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-10370
Vulnerability from fkie_nvd - Published: 2017-05-11 18:29 - Updated: 2025-04-20 01:37

| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98495 | ||
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017022 | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98495 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017022 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/ | Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| oneplus | oxygenos | * | |
| oneplus | oneplus_3t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8189780A-EA20-4B96-A625-48D12948B3F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851."
},
{
"lang": "es",
"value": "Un problema fue descubierto en dispositivos OnePlus como el 3T. El actualizador OTA OnePlus pasa la imagen OTA firmada a trav\u00e9s de HTTP sin TLS. Aunque no se permiten las instalaciones OTA arbitrarias (debido a la firma digital), aumenta innecesariamente la superficie de ataque y permite la explotaci\u00f3n remota de otras vulnerabilidades como CVE-2017-5948, CVE-2017-8850 y CVE-2017-8851."
}
],
"id": "CVE-2016-10370",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-11T18:29:00.173",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/98495"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/98495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-8851
Vulnerability from fkie_nvd - Published: 2017-05-11 18:29 - Updated: 2025-04-20 01:37

| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017021 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017021 | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8189780A-EA20-4B96-A625-48D12948B3F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8AD37A-7539-4F16-8AC2-2556035B0DE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A390FA-9B56-4645-991D-5E9CB16966B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same \u0027ro.build.product\u0027 system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use \u0027adb sideload\u0027 to push the OTA."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos OnePlus One y X. Debido a un script de actualizaci\u00f3n en las im\u00e1genes OTA de OnePlus One y X. El hecho de que ambos productos usen las mismas claves de verificaci\u00f3n OTA y el hecho de que ambos productos comparten la misma propiedad del sistema \u0027ro.build.product\u0027, los atacantes pueden instalar OTAs de un producto sobre el otro, incluso en cargadores de arranque bloqueados. Eso te\u00f3ricamente podr\u00eda permitir la explotaci\u00f3n de vulnerabilidades parcheadas en una imagen pero no en la otra, adem\u00e1s de la expansi\u00f3n de la superficie de ataque. Adem\u00e1s, la vulnerabilidad puede causar que el dispositivo sea inutilizable hasta que se realice un restablecimiento de f\u00e1brica. Esta vulnerabilidad puede ser explotada por atacantes Man-in-the-Middle (MiTM) que apuntan al proceso de actualizaci\u00f3n. Esto es posible porque la transacci\u00f3n de actualizaci\u00f3n no se produce sobre TLS (CVE-2016-10370). Adem\u00e1s, los atacantes f\u00edsicos pueden reiniciar el tel\u00e9fono en recuperaci\u00f3n y, a continuaci\u00f3n, utilizar \u0027sideload\u0027 para forzar la OTA."
}
],
"id": "CVE-2017-8851",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-11T18:29:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5625
Vulnerability from fkie_nvd - Published: 2017-04-25 16:59 - Updated: 2025-04-20 01:37

| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017006 | Technical Description, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017006 | Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FA279E-C889-4021-8A82-B866FADC73E1",
"versionEndIncluding": "4.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B1891E-38B0-42C5-89D3-3DC12217F087",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except \u0027keystore\u0027) by issuing the \u0027fastboot oem dump \u003cpartition\u003e\u0027 fastboot command."
},
{
"lang": "es",
"value": "En OxygenOS en versiones anteriores a la 4.0.3, en dispositivos OnePlus 3 y 3T, un atacante no autorizado puede hacer que un gestor de arranque bloqueado vuelque parcialmente el contenido cifrado de una partici\u00f3n arbitraria (a excepci\u00f3n de \u0027keystore\u0027) mediante el comando fastboot \u0027fastboot oem dump \u003cpartition\u003e\u0027."
}
],
"id": "CVE-2017-5625",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-25T16:59:00.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5622
Vulnerability from fkie_nvd - Published: 2017-03-26 20:59 - Updated: 2025-04-20 01:37

| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97092 | |
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017004 | Technical Description, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97092 | |
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017004 | Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FA279E-C889-4021-8A82-B866FADC73E1",
"versionEndIncluding": "4.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B1891E-38B0-42C5-89D3-3DC12217F087",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information."
},
{
"lang": "es",
"value": "Con OxygenOS en versiones anteriores a 4.0.3, cuando un cargador est\u00e1 conectado a un dispositivo OnePlus 3 o 3T apagado, la plataforma comienza con adbd habilitado. Por tanto, un cargador malicioso o un atacante f\u00edsico puede abrir, sin autorizaci\u00f3n, una sesi\u00f3n ADB con el dispositivo, con el fin de seguir explotando otras vulnerabilidades y/o exfiltrar informaci\u00f3n sensible."
}
],
"id": "CVE-2017-5622",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-26T20:59:00.160",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97092"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5623
Vulnerability from fkie_nvd - Published: 2017-03-19 20:59 - Updated: 2025-04-20 01:37

| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97048 | |
| cve@mitre.org | https://alephsecurity.com/vulns/aleph-2017005 | Exploit, Technical Description, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97048 | |
| af854a3a-2127-422b-91ae-364da2661108 | https://alephsecurity.com/vulns/aleph-2017005 | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "399C6C05-D27E-4257-B97C-B036F3D10298",
"versionEndIncluding": "4.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B1891E-38B0-42C5-89D3-3DC12217F087",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the \u0027fastboot oem boot_mode {rf/wlan/ftm/normal}\u0027 command in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OxygenOS en versiones anteriores a 4.1.0 en dispositivos OnePlus 3 y 3T. El atacante puede cambiar el modo de arranque del dispositivo emitiendo el comando \u0027fastboot oem boot_mode {rf/wlan/ftm/normal}\u0027 en contradicci\u00f3n con el modelo de amenaza de Android donde el gestor de arranque NO DEBE permitir que se ejecute ninguna operaci\u00f3n sensible a la seguridad a menos que el gestor de arranque est\u00e9 desbloqueado."
}
],
"id": "CVE-2017-5623",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-19T20:59:00.170",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/97048"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://alephsecurity.com/vulns/aleph-2017005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}