Vulnerabilities > CVE-2020-13626 - Missing Authorization vulnerability in Oneplus APP Locker 20201006

047910
CVSS 4.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
low complexity
oneplus
CWE-862

Summary

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.

Vulnerable Configurations

Part Description Count
Application
Oneplus
1

Common Weakness Enumeration (CWE)