oneplus vulnerabilities and exploits
5.9
CVSSv3
CVE-2017-5948
An issue exists on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgra...
Oneplus Oxygenos
8.1
CVSSv3
CVE-2017-5554
An issue exists in ABOOT in OnePlus 3 and 3T OxygenOS prior to 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker wi...
Oneplus Oxygenos
6.8
CVSSv3
CVE-2017-5947
An issue exists in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and previous versions. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgradin...
Oneplus Oxygenos
2 Github repositories
5.9
CVSSv3
CVE-2017-5622
With OxygenOS prior to 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further ...
Oneplus Oxygenos
6.6
CVSSv3
CVE-2017-5623
An issue exists in OxygenOS prior to 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT ...
Oneplus Oxygenos
9.8
CVSSv3
CVE-2017-5624
An issue exists in OxygenOS prior to 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will no...
Oneplus Oxygenos
4.6
CVSSv3
CVE-2017-5625
In OxygenOS prior to 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot ...
Oneplus Oxygenos
9.8
CVSSv3
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the malicious user to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset...
Oneplus Oxygenos
6
CVSSv3
CVE-2020-7958
An issue exists on OnePlus 7 Pro devices prior to 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The is...
Oneplus Oneplus 7 Pro Firmware
1 Github repository
9.8
CVSSv3
CVE-2017-11105
The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation.
Oneplus Primary Bootloader -