Vulnerabilities > CVE-2020-13626 - Missing Authorization vulnerability in Oneplus APP Locker 20201006
Attack vector
PHYSICAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5
- https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker
- https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5
- https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker