Vulnerabilities > CVE-2020-13626 - Missing Authorization vulnerability in Oneplus APP Locker 20201006

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

oneplus

CWE-862

NVD

Published: 2020-10-09

Updated: 2023-11-07

Summary

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.

Vulnerable Configurations

Part	Description	Count
Application	Oneplus Oneplus APP Locker 2020-10-06	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker
https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5