Vulmon
oneplus oxygenos vulnerabilities and exploits
4.3
CVSSv2
CVE-2017-8851
An issue exists on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attacker...
Oneplus Oxygenos
5
CVSSv2
CVE-2016-10370
An issue exists on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for r...
Oneplus Oxygenos
3.6
CVSSv2
CVE-2017-5622
With OxygenOS prior to 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further ...
Oneplus Oxygenos
7.2
CVSSv2
CVE-2017-5623
An issue exists in OxygenOS prior to 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal}' command in contradiction to the threat model of Android where the bootloader MUST NOT ...
Oneplus Oxygenos
2.1
CVSSv2
CVE-2017-5625
In OxygenOS prior to 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot ...
Oneplus Oxygenos
4.3
CVSSv2
CVE-2017-5948
An issue exists on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgra...
Oneplus Oxygenos
9.3
CVSSv2
CVE-2017-5554
An issue exists in ABOOT in OnePlus 3 and 3T OxygenOS prior to 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker wi...
Oneplus Oxygenos
10
CVSSv2
CVE-2017-5624
An issue exists in OxygenOS prior to 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will no...
Oneplus Oxygenos
10
CVSSv2
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the malicious user to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset...
Oneplus Oxygenos
4.6
CVSSv2
CVE-2017-5947
An issue exists in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and previous versions. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgradin...
Oneplus Oxygenos