Vulnerabilities > Oneplus > Oxygenos

DATE CVE VULNERABILITY TITLE RISK
2018-03-29 CVE-2017-5947 Unspecified vulnerability in Oneplus Oxygenos
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier.
local
low complexity
oneplus
4.6
2017-05-11 CVE-2017-8851 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One and X devices.
network
oneplus CWE-319
4.3
2017-05-11 CVE-2017-8850 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
oneplus CWE-319
4.3
2017-05-11 CVE-2017-5948 Improper Input Validation vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
oneplus CWE-20
4.3
2017-05-11 CVE-2016-10370 Improper Access Control vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus devices such as the 3T.
network
low complexity
oneplus CWE-284
5.0
2017-04-25 CVE-2017-5625 NULL Pointer Dereference vulnerability in Oneplus Oxygenos
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
local
low complexity
oneplus CWE-476
2.1
2017-03-26 CVE-2017-5622 Incorrect Default Permissions vulnerability in Oneplus Oxygenos
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled.
local
low complexity
oneplus CWE-276
3.6
2017-03-19 CVE-2017-5623 Improper Privilege Management vulnerability in Oneplus Oxygenos 4.0.3
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices.
local
low complexity
oneplus CWE-269
7.2
2017-03-12 CVE-2017-5626 Unspecified vulnerability in Oneplus Oxygenos
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset.
network
low complexity
oneplus
critical
10.0
2017-03-12 CVE-2017-5624 Improper Privilege Management vulnerability in Oneplus Oxygenos
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T.
network
low complexity
oneplus CWE-269
critical
10.0