Vulnerabilities > CVE-2017-5947 - Unspecified vulnerability in Oneplus Oxygenos

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

oneplus

NVD

Published: 2018-03-29

Updated: 2024-11-21

Summary

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader.

Vulnerable Configurations

Part	Description	Count
OS	Oneplus Oneplus Oxygenos 3.2.8 Oneplus Oxygenos 3.5.4 Oneplus Oxygenos 4.0.2 Oneplus Oxygenos 4.0.3 Oneplus Oxygenos 5.0	5
Hardware	Oneplus Oneplus Oneplus 2 - Oneplus Oneplus 3 - Oneplus Oneplus 3T - Oneplus Oneplus 5 - Oneplus Oneplus ONE - Oneplus Oneplus X -	6

References

https://alephsecurity.com/vulns/aleph-2017007
https://alephsecurity.com/vulns/aleph-2017007