Vulnerabilities > Oneplus > Oneplus 3T > Low

DATE CVE VULNERABILITY TITLE RISK
2017-04-25 CVE-2017-5625 NULL Pointer Dereference vulnerability in Oneplus Oxygenos
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
local
low complexity
oneplus CWE-476
2.1
2017-03-26 CVE-2017-5622 Incorrect Default Permissions vulnerability in Oneplus Oxygenos
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled.
local
low complexity
oneplus CWE-276
3.6