Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oneplus vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-11105
The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation.
Oneplus Primary Bootloader -
5.9
CVSSv3
CVE-2017-5622
With OxygenOS prior to 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further ...
Oneplus Oxygenos
6.6
CVSSv3
CVE-2017-5623
An issue exists in OxygenOS prior to 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT ...
Oneplus Oxygenos
4.6
CVSSv3
CVE-2017-5625
In OxygenOS prior to 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot ...
Oneplus Oxygenos
6.8
CVSSv3
CVE-2017-5947
An issue exists in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and previous versions. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgradin...
Oneplus Oxygenos
2 Github repositories
6
CVSSv3
CVE-2020-7958
An issue exists on OnePlus 7 Pro devices prior to 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The is...
Oneplus Oneplus 7 Pro Firmware
1 Github repository
5.9
CVSSv3
CVE-2017-8850
An issue exists on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which all...
Oneplus Oxygenos
5.9
CVSSv3
CVE-2017-5948
An issue exists on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgra...
Oneplus Oxygenos
5.9
CVSSv3
CVE-2017-8851
An issue exists on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attacker...
Oneplus Oxygenos
7.5
CVSSv3
CVE-2016-10370
An issue exists on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for r...
Oneplus Oxygenos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »