Vulnerabilities > Oneplus > Oxygenos > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-03-12 CVE-2017-5624 Improper Privilege Management vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T.
network
low complexity
oneplus CWE-269
critical
9.8
2017-03-12 CVE-2017-5626 Unspecified vulnerability in Oneplus Oxygenos 3.2.8/3.5.4
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset.
network
low complexity
oneplus
critical
9.8