Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    38 vulnerabilities by OPPO

    CVE-2026-22078 (GCVE-0-2026-22078)

    Vulnerability from nvd – Published: 2026-06-29 08:05 – Updated: 2026-06-29 11:53
    VLAI
    Title
    O+ Connect's lack of authentication for IPC channels led to a local privilege escalation vulnerability.
    Summary
    Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect privilege assignment
    Assigner
    Impacted products
    Vendor Product Version
    OPPO O+ Connect Affected: 16.0.33
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22078",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T11:53:04.056229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T11:53:21.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "O+ Connect",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.0.33"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Because O+ Connect\u0027s IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel."
                }
              ],
              "value": "Because O+ Connect\u0027s IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266 Incorrect privilege assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T11:52:51.499Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2070415238859333632"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "O+ Connect\u0027s lack of authentication for IPC channels led to a local privilege escalation vulnerability.",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22078",
        "datePublished": "2026-06-29T08:05:49.776Z",
        "dateReserved": "2026-01-06T06:15:53.765Z",
        "dateUpdated": "2026-06-29T11:53:21.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22069 (GCVE-0-2026-22069)

    Vulnerability from nvd – Published: 2026-05-19 02:47 – Updated: 2026-06-29 11:56
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-29T11:56:05.068Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22069",
        "datePublished": "2026-05-19T02:47:20.980Z",
        "dateRejected": "2026-06-29T11:56:05.068Z",
        "dateReserved": "2026-01-06T06:15:53.763Z",
        "dateUpdated": "2026-06-29T11:56:05.068Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22070 (GCVE-0-2026-22070)

    Vulnerability from nvd – Published: 2026-04-30 08:27 – Updated: 2026-04-30 13:01
    VLAI
    Title
    ColorOS Assistant Path Traversal Vulnerability
    Summary
    ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative path traversal
    Assigner
    Impacted products
    Vendor Product Version
    OPPO ColorOS Assistant Unaffected: 1.4.26
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22070",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-30T13:01:03.772357Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T13:01:16.332Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ColorOS Assistant",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1.4.26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal."
                }
              ],
              "value": "ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative path traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T08:27:57.043Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2049764240746881024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ColorOS Assistant Path Traversal Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22070",
        "datePublished": "2026-04-30T08:27:57.043Z",
        "dateReserved": "2026-01-06T06:15:53.764Z",
        "dateUpdated": "2026-04-30T13:01:16.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22077 (GCVE-0-2026-22077)

    Vulnerability from nvd – Published: 2026-04-27 06:37 – Updated: 2026-04-27 13:29
    VLAI
    Title
    Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet
    Summary
    OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:19:04.793103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-346",
                    "description": "CWE-346 Origin Validation Error",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:29:23.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Wallet APP",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure."
                }
              ],
              "value": "OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T07:27:33.199Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2048652556296790016"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22077",
        "datePublished": "2026-04-27T06:37:05.647Z",
        "dateReserved": "2026-01-06T06:15:53.765Z",
        "dateUpdated": "2026-04-27T13:29:23.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27388 (GCVE-0-2025-27388)

    Vulnerability from nvd – Published: 2025-08-14 07:15 – Updated: 2025-08-14 19:37
    VLAI
    Title
    Arbitrary URL Loading in WebView Leading to Token Leakage Risk
    Summary
    Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO HEALTH APP Affected: 4.23.4 and below , ≤ 4.23.4 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T19:36:20.850842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-14T19:37:41.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO HEALTH APP",
              "vendor": "OPPO",
              "versions": [
                {
                  "lessThanOrEqual": "4.23.4",
                  "status": "affected",
                  "version": "4.23.4 and below",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens."
                }
              ],
              "value": "Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-639",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-639 Probe System Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-14T07:15:10.875Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1955879800426209280"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary URL Loading in WebView Leading to Token Leakage Risk",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2025-27388",
        "datePublished": "2025-08-14T07:15:10.875Z",
        "dateReserved": "2025-02-24T03:04:32.845Z",
        "dateUpdated": "2025-08-14T19:37:41.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27387 (GCVE-0-2025-27387)

    Vulnerability from nvd – Published: 2025-06-23 09:28 – Updated: 2026-01-06 06:20
    VLAI
    Title
    OPPO Clone Phone uses weak WPA passphrase as only means of security
    Summary
    OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    OPPO ColorOS Affected: 15.0.2 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T12:09:11.626527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T12:14:46.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ColorOS",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.0.2 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure."
                }
              ],
              "value": "OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T06:20:24.543Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1937080145974403072https://"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Clone Phone uses weak WPA passphrase as only means of security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2025-27387",
        "datePublished": "2025-06-23T09:28:08.244Z",
        "dateReserved": "2025-02-24T03:04:32.845Z",
        "dateUpdated": "2026-01-06T06:20:24.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1609 (GCVE-0-2024-1609)

    Vulnerability from nvd – Published: 2024-12-25 03:14 – Updated: 2024-12-26 19:52
    VLAI
    Title
    OPPO Store APP has a WebView component privilege escalation vulnerability.
    Summary
    In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPP Store Affected: 3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-26T19:51:53.624999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-26T19:52:25.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPP Store",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn OPPOStore iOS App, there\u0027s a possible escalation of privilege due to improper input validation. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In OPPOStore iOS App, there\u0027s a possible escalation of privilege due to improper input validation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-25T03:14:43.216Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Store APP has a WebView component privilege escalation vulnerability.",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2024-1609",
        "datePublished": "2024-12-25T03:14:43.216Z",
        "dateReserved": "2024-02-19T07:48:58.472Z",
        "dateUpdated": "2024-12-26T19:52:25.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1610 (GCVE-0-2024-1610)

    Vulnerability from nvd – Published: 2024-12-18 06:18 – Updated: 2024-12-18 15:33
    VLAI
    Title
    OPPO Store app include remote account token hijacking and sensitive information leakage
    Summary
    In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO Store APP Affected: 4.32.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T15:30:05.310072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1284",
                    "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T15:33:31.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Store APP",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn OPPO Store APP, there\u0027s a possible escalation of privilege due to improper input validation. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In OPPO Store APP, there\u0027s a possible escalation of privilege due to improper input validation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T06:18:48.588Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Store app include remote account token hijacking and sensitive information leakage",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2024-1610",
        "datePublished": "2024-12-18T06:18:48.588Z",
        "dateReserved": "2024-02-19T07:49:02.096Z",
        "dateUpdated": "2024-12-18T15:33:31.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1608 (GCVE-0-2024-1608)

    Vulnerability from nvd – Published: 2024-02-20 09:09 – Updated: 2024-08-01 18:48
    VLAI
    Title
    OPPO Usercenter Credit sdk
    Summary
    In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    Impacted products
    Vendor Product Version
    OPPO Usercenter Credit sdk Affected: /
    Create a notification for this product.
    oppo usercenter_credit_sdk Unknown: 0 , < * (custom)
        cpe:2.3:a:oppo:usercenter_credit_sdk:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:oppo:usercenter_credit_sdk:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usercenter_credit_sdk",
                "vendor": "oppo",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unknown",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1608",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:24:08.747661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-280",
                    "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges ",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-27T18:51:36.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:48:21.911Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Usercenter Credit sdk",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "/"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In OPPO Usercenter Credit SDK, there\u0027s a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction."
                }
              ],
              "value": "In OPPO Usercenter Credit SDK, there\u0027s a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T09:09:13.528Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Usercenter Credit sdk",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2024-1608",
        "datePublished": "2024-02-20T09:09:13.528Z",
        "dateReserved": "2024-02-19T07:48:52.647Z",
        "dateUpdated": "2024-08-01T18:48:21.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26311 (GCVE-0-2023-26311)

    Vulnerability from nvd – Published: 2023-08-10 10:32 – Updated: 2024-10-08 14:50
    VLAI
    Title
    A remote code execution vulnerability in the webview component of OPPO Store app.
    Summary
    A remote code execution vulnerability in the webview component of OPPO Store app.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO Store Affected: 1.5.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:24.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689584995217448960"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26311",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:33:02.241396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:50:29.967Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Store",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e A remote code execution vulnerability in the webview component of OPPO Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": " A remote code execution vulnerability in the webview component of OPPO Store app.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-10T10:32:31.287Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689584995217448960"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": " A remote code execution vulnerability in the webview component of OPPO Store app.",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2023-26311",
        "datePublished": "2023-08-10T10:32:31.287Z",
        "dateReserved": "2023-02-21T23:18:21.568Z",
        "dateUpdated": "2024-10-08T14:50:29.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26309 (GCVE-0-2023-26309)

    Vulnerability from nvd – Published: 2023-08-10 08:34 – Updated: 2024-10-08 14:50
    VLAI
    Title
    A remote code execution vulnerability in the webview component
    Summary
    A remote code execution vulnerability in the webview component of OnePlus Store app.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OnePlus Store Affected: 3.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:34:46.417505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:50:47.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OnePlus Store",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability in the webview component of OnePlus Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A remote code execution vulnerability in the webview component of OnePlus Store app.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-11T09:39:08.276Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A remote code execution vulnerability in the webview component",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2023-26309",
        "datePublished": "2023-08-10T08:34:12.390Z",
        "dateReserved": "2023-02-21T23:18:21.567Z",
        "dateUpdated": "2024-10-08T14:50:47.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26310 (GCVE-0-2023-26310)

    Vulnerability from nvd – Published: 2023-08-09 06:13 – Updated: 2024-10-09 10:15
    VLAI
    Title
    Command Injection In OPPO Service
    Summary
    There is a command injection problem in the old version of the mobile phone backup app.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO Find X3 Affected: ColorOS 12.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:41:23.160966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T15:41:34.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Find X3",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "ColorOS 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a command injection problem in the old version of the mobile phone backup app.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "There is a command injection problem in the old version of the mobile phone backup app."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T10:15:15.657Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection In OPPO Service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2023-26310",
        "datePublished": "2023-08-09T06:13:22.055Z",
        "dateReserved": "2023-02-21T23:18:21.568Z",
        "dateUpdated": "2024-10-09T10:15:15.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23247 (GCVE-0-2021-23247)

    Vulnerability from nvd – Published: 2022-04-01 22:17 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a OPPO Quick App Affected: 4.5.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OPPO Quick App",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-01T22:17:26.000Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@oppo.com",
              "ID": "CVE-2021-23247",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OPPO Quick App",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240",
                  "refsource": "MISC",
                  "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2021-23247",
        "datePublished": "2022-04-01T22:17:26.000Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23244 (GCVE-0-2021-23244)

    Vulnerability from nvd – Published: 2021-12-27 18:48 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
    Severity
    No CVSS data available.
    CWE
    • Elevation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a OPPO Android Phone Affected: OPPO Mobile phones with ColorOS 11 version
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:54.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OPPO Android Phone",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "OPPO Mobile phones with ColorOS 11 version"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T18:48:24.000Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@oppo.com",
              "ID": "CVE-2021-23244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OPPO Android Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OPPO Mobile phones with ColorOS 11 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976",
                  "refsource": "MISC",
                  "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2021-23244",
        "datePublished": "2021-12-27T18:48:24.000Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:54.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-22078 (GCVE-0-2026-22078)

    Vulnerability from cvelistv5 – Published: 2026-06-29 08:05 – Updated: 2026-06-29 11:53
    VLAI
    Title
    O+ Connect's lack of authentication for IPC channels led to a local privilege escalation vulnerability.
    Summary
    Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect privilege assignment
    Assigner
    Impacted products
    Vendor Product Version
    OPPO O+ Connect Affected: 16.0.33
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22078",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T11:53:04.056229Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T11:53:21.664Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "O+ Connect",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.0.33"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Because O+ Connect\u0027s IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel."
                }
              ],
              "value": "Because O+ Connect\u0027s IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266 Incorrect privilege assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T11:52:51.499Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2070415238859333632"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "O+ Connect\u0027s lack of authentication for IPC channels led to a local privilege escalation vulnerability.",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22078",
        "datePublished": "2026-06-29T08:05:49.776Z",
        "dateReserved": "2026-01-06T06:15:53.765Z",
        "dateUpdated": "2026-06-29T11:53:21.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22069 (GCVE-0-2026-22069)

    Vulnerability from cvelistv5 – Published: 2026-05-19 02:47 – Updated: 2026-06-29 11:56
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-29T11:56:05.068Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22069",
        "datePublished": "2026-05-19T02:47:20.980Z",
        "dateRejected": "2026-06-29T11:56:05.068Z",
        "dateReserved": "2026-01-06T06:15:53.763Z",
        "dateUpdated": "2026-06-29T11:56:05.068Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22070 (GCVE-0-2026-22070)

    Vulnerability from cvelistv5 – Published: 2026-04-30 08:27 – Updated: 2026-04-30 13:01
    VLAI
    Title
    ColorOS Assistant Path Traversal Vulnerability
    Summary
    ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative path traversal
    Assigner
    Impacted products
    Vendor Product Version
    OPPO ColorOS Assistant Unaffected: 1.4.26
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22070",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-30T13:01:03.772357Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-30T13:01:16.332Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ColorOS Assistant",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "1.4.26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal."
                }
              ],
              "value": "ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative path traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T08:27:57.043Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2049764240746881024"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ColorOS Assistant Path Traversal Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22070",
        "datePublished": "2026-04-30T08:27:57.043Z",
        "dateReserved": "2026-01-06T06:15:53.764Z",
        "dateUpdated": "2026-04-30T13:01:16.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22077 (GCVE-0-2026-22077)

    Vulnerability from cvelistv5 – Published: 2026-04-27 06:37 – Updated: 2026-04-27 13:29
    VLAI
    Title
    Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet
    Summary
    OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22077",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:19:04.793103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-346",
                    "description": "CWE-346 Origin Validation Error",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:29:23.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Wallet APP",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure."
                }
              ],
              "value": "OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T07:27:33.199Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2048652556296790016"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2026-22077",
        "datePublished": "2026-04-27T06:37:05.647Z",
        "dateReserved": "2026-01-06T06:15:53.765Z",
        "dateUpdated": "2026-04-27T13:29:23.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27388 (GCVE-0-2025-27388)

    Vulnerability from cvelistv5 – Published: 2025-08-14 07:15 – Updated: 2025-08-14 19:37
    VLAI
    Title
    Arbitrary URL Loading in WebView Leading to Token Leakage Risk
    Summary
    Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO HEALTH APP Affected: 4.23.4 and below , ≤ 4.23.4 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T19:36:20.850842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-14T19:37:41.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO HEALTH APP",
              "vendor": "OPPO",
              "versions": [
                {
                  "lessThanOrEqual": "4.23.4",
                  "status": "affected",
                  "version": "4.23.4 and below",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens."
                }
              ],
              "value": "Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-639",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-639 Probe System Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-14T07:15:10.875Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1955879800426209280"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary URL Loading in WebView Leading to Token Leakage Risk",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2025-27388",
        "datePublished": "2025-08-14T07:15:10.875Z",
        "dateReserved": "2025-02-24T03:04:32.845Z",
        "dateUpdated": "2025-08-14T19:37:41.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27387 (GCVE-0-2025-27387)

    Vulnerability from cvelistv5 – Published: 2025-06-23 09:28 – Updated: 2026-01-06 06:20
    VLAI
    Title
    OPPO Clone Phone uses weak WPA passphrase as only means of security
    Summary
    OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    OPPO ColorOS Affected: 15.0.2 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T12:09:11.626527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T12:14:46.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ColorOS",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.0.2 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure."
                }
              ],
              "value": "OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T06:20:24.543Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1937080145974403072https://"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Clone Phone uses weak WPA passphrase as only means of security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2025-27387",
        "datePublished": "2025-06-23T09:28:08.244Z",
        "dateReserved": "2025-02-24T03:04:32.845Z",
        "dateUpdated": "2026-01-06T06:20:24.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1609 (GCVE-0-2024-1609)

    Vulnerability from cvelistv5 – Published: 2024-12-25 03:14 – Updated: 2024-12-26 19:52
    VLAI
    Title
    OPPO Store APP has a WebView component privilege escalation vulnerability.
    Summary
    In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPP Store Affected: 3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-26T19:51:53.624999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-26T19:52:25.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPP Store",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn OPPOStore iOS App, there\u0027s a possible escalation of privilege due to improper input validation. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In OPPOStore iOS App, there\u0027s a possible escalation of privilege due to improper input validation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-25T03:14:43.216Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Store APP has a WebView component privilege escalation vulnerability.",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2024-1609",
        "datePublished": "2024-12-25T03:14:43.216Z",
        "dateReserved": "2024-02-19T07:48:58.472Z",
        "dateUpdated": "2024-12-26T19:52:25.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1610 (GCVE-0-2024-1610)

    Vulnerability from cvelistv5 – Published: 2024-12-18 06:18 – Updated: 2024-12-18 15:33
    VLAI
    Title
    OPPO Store app include remote account token hijacking and sensitive information leakage
    Summary
    In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO Store APP Affected: 4.32.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T15:30:05.310072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1284",
                    "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T15:33:31.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Store APP",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.32.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn OPPO Store APP, there\u0027s a possible escalation of privilege due to improper input validation. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "In OPPO Store APP, there\u0027s a possible escalation of privilege due to improper input validation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T06:18:48.588Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Store app include remote account token hijacking and sensitive information leakage",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2024-1610",
        "datePublished": "2024-12-18T06:18:48.588Z",
        "dateReserved": "2024-02-19T07:49:02.096Z",
        "dateUpdated": "2024-12-18T15:33:31.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1608 (GCVE-0-2024-1608)

    Vulnerability from cvelistv5 – Published: 2024-02-20 09:09 – Updated: 2024-08-01 18:48
    VLAI
    Title
    OPPO Usercenter Credit sdk
    Summary
    In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    Impacted products
    Vendor Product Version
    OPPO Usercenter Credit sdk Affected: /
    Create a notification for this product.
    oppo usercenter_credit_sdk Unknown: 0 , < * (custom)
        cpe:2.3:a:oppo:usercenter_credit_sdk:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:oppo:usercenter_credit_sdk:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "usercenter_credit_sdk",
                "vendor": "oppo",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unknown",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1608",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:24:08.747661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-280",
                    "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges ",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-27T18:51:36.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:48:21.911Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Usercenter Credit sdk",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "/"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In OPPO Usercenter Credit SDK, there\u0027s a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction."
                }
              ],
              "value": "In OPPO Usercenter Credit SDK, there\u0027s a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T09:09:13.528Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OPPO Usercenter Credit sdk",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2024-1608",
        "datePublished": "2024-02-20T09:09:13.528Z",
        "dateReserved": "2024-02-19T07:48:52.647Z",
        "dateUpdated": "2024-08-01T18:48:21.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26311 (GCVE-0-2023-26311)

    Vulnerability from cvelistv5 – Published: 2023-08-10 10:32 – Updated: 2024-10-08 14:50
    VLAI
    Title
    A remote code execution vulnerability in the webview component of OPPO Store app.
    Summary
    A remote code execution vulnerability in the webview component of OPPO Store app.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO Store Affected: 1.5.11
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:24.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689584995217448960"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26311",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:33:02.241396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:50:29.967Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Store",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e A remote code execution vulnerability in the webview component of OPPO Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": " A remote code execution vulnerability in the webview component of OPPO Store app.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-10T10:32:31.287Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689584995217448960"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": " A remote code execution vulnerability in the webview component of OPPO Store app.",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2023-26311",
        "datePublished": "2023-08-10T10:32:31.287Z",
        "dateReserved": "2023-02-21T23:18:21.568Z",
        "dateUpdated": "2024-10-08T14:50:29.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26309 (GCVE-0-2023-26309)

    Vulnerability from cvelistv5 – Published: 2023-08-10 08:34 – Updated: 2024-10-08 14:50
    VLAI
    Title
    A remote code execution vulnerability in the webview component
    Summary
    A remote code execution vulnerability in the webview component of OnePlus Store app.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OnePlus Store Affected: 3.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:34:46.417505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:50:47.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OnePlus Store",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability in the webview component of OnePlus Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A remote code execution vulnerability in the webview component of OnePlus Store app.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-11T09:39:08.276Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A remote code execution vulnerability in the webview component",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2023-26309",
        "datePublished": "2023-08-10T08:34:12.390Z",
        "dateReserved": "2023-02-21T23:18:21.567Z",
        "dateUpdated": "2024-10-08T14:50:47.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26310 (GCVE-0-2023-26310)

    Vulnerability from cvelistv5 – Published: 2023-08-09 06:13 – Updated: 2024-10-09 10:15
    VLAI
    Title
    Command Injection In OPPO Service
    Summary
    There is a command injection problem in the old version of the mobile phone backup app.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OPPO OPPO Find X3 Affected: ColorOS 12.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:41:23.160966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T15:41:34.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OPPO Find X3",
              "vendor": "OPPO",
              "versions": [
                {
                  "status": "affected",
                  "version": "ColorOS 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a command injection problem in the old version of the mobile phone backup app.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "There is a command injection problem in the old version of the mobile phone backup app."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-09T10:15:15.657Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection In OPPO Service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2023-26310",
        "datePublished": "2023-08-09T06:13:22.055Z",
        "dateReserved": "2023-02-21T23:18:21.568Z",
        "dateUpdated": "2024-10-09T10:15:15.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23247 (GCVE-0-2021-23247)

    Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a OPPO Quick App Affected: 4.5.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OPPO Quick App",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-01T22:17:26.000Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@oppo.com",
              "ID": "CVE-2021-23247",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OPPO Quick App",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240",
                  "refsource": "MISC",
                  "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2021-23247",
        "datePublished": "2022-04-01T22:17:26.000Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:55.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23244 (GCVE-0-2021-23244)

    Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-08-03 19:05
    VLAI
    Summary
    ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
    Severity
    No CVSS data available.
    CWE
    • Elevation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a OPPO Android Phone Affected: OPPO Mobile phones with ColorOS 11 version
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:54.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OPPO Android Phone",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "OPPO Mobile phones with ColorOS 11 version"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T18:48:24.000Z",
            "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
            "shortName": "OPPO"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@oppo.com",
              "ID": "CVE-2021-23244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OPPO Android Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OPPO Mobile phones with ColorOS 11 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976",
                  "refsource": "MISC",
                  "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "assignerShortName": "OPPO",
        "cveId": "CVE-2021-23244",
        "datePublished": "2021-12-27T18:48:24.000Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:05:54.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201904-0568

    Vulnerability from variot - Updated: 2023-12-18 13:02

    The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named com.dropboxchmod.DropboxChmodService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user's text messages, and more. This vulnerability can also be used to secretly record audio of the user without their awareness on the Oppo F5 device. The pre-installed com.oppo.engineermode app (versionCode=25, versionName=V1.01) has an exported activity that can be started to initiate a recording and quickly dismissed. The activity can be started in a way that the user will not be able to see the app in the recent apps list. The resulting audio amr file can be copied from a location on internal storage using the arbitrary command execution as system user vulnerability. Executing commands as system user can allow a third-party app to factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. The OPPO F5 is a smartphone based on the Android platform from the Chinese OPPO Guangdong Mobile Communications (OPPO) company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0568",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "f5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oppo",
            "version": null
          },
          {
            "model": "f5",
            "scope": null,
            "trust": 0.8,
            "vendor": "oppo",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:oppo:f5_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:oppo:f5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          }
        ]
      },
      "cve": "CVE-2018-14996",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-14996",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-125211",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14996",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-14996",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-1181",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125211",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named com.dropboxchmod.DropboxChmodService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user\u0027s screen, factory reset the device, obtain the user\u0027s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), and obtains the user\u0027s text messages, and more. This vulnerability can also be used to secretly record audio of the user without their awareness on the Oppo F5 device. The pre-installed com.oppo.engineermode app (versionCode=25, versionName=V1.01) has an exported activity that can be started to initiate a recording and quickly dismissed. The activity can be started in a way that the user will not be able to see the app in the recent apps list. The resulting audio amr file can be copied from a location on internal storage using the arbitrary command execution as system user vulnerability. Executing commands as system user can allow a third-party app to factory reset the device, obtain the user\u0027s notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user\u0027s text messages, and more. The OPPO F5 is a smartphone based on the Android platform from the Chinese OPPO Guangdong Mobile Communications (OPPO) company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125211"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14996",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1181",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-125211",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ]
      },
      "id": "VAR-201904-0568",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125211"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:02:15.264000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.oppo.com/en/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
          },
          {
            "trust": 1.7,
            "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/defcon-26-johnson-and-stavrou-vulnerable-out-of-the-box-an-eval-of-android-carrier-devices-wp-updated.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14996"
          },
          {
            "trust": 1.1,
            "url": "https://www.kryptowire.com"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14996"
          },
          {
            "trust": 0.8,
            "url": "https://www.kryptowire.com/android-firmware-defcon-2018/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-125211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125211"
          },
          {
            "date": "2019-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "date": "2019-04-25T20:29:01.163000",
            "db": "NVD",
            "id": "CVE-2018-14996"
          },
          {
            "date": "2019-04-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125211"
          },
          {
            "date": "2019-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-14996"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Oppo F5 Android Command injection vulnerability in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015351"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1181"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202107-1869

    Vulnerability from variot - Updated: 2022-05-04 10:03

    OPPO A92s is a 5G mobile phone owned by OPPO.

    OPPO A92s has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1869",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a92s",
            "scope": null,
            "trust": 0.6,
            "vendor": "oppo",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CNVD-2021-44382",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2021-44382",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OPPO A92s is a 5G mobile phone owned by OPPO.\n\r\n\r\nOPPO A92s has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ]
      },
      "id": "VAR-202107-1869",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ]
      },
      "last_update_date": "2022-05-04T10:03:08.046000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OPPO A92s has an information disclosure vulnerability (CNVD-2021-44382)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-44382"
          }
        ],
        "trust": 0.6
      }
    }