Known Vulnerabilities for products from Oneplus
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Oneplus".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-26309 json | A remote code execution vulnerability in the webview component of OnePlus Store app. | 9.8 - CRITICAL | 2023-08-10 | 2023-08-15 |
| CVE-2020-13626 json | OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorizatio... | 4.6 - MEDIUM | 2020-10-09 | 2023-11-07 |
| CVE-2020-7958 json | An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that a... | 6 - MEDIUM | 2020-04-14 | 2021-07-21 |
| CVE-2017-11105 json | The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certi... | Not Provided | 2017-08-03 | 2025-04-20 |
| CVE-2017-8851 json | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, th... | Not Provided | 2017-05-11 | 2025-04-20 |
| CVE-2017-8850 json | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, a... | Not Provided | 2017-05-11 | 2025-04-20 |
| CVE-2017-5948 json | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks.... | Not Provided | 2017-05-11 | 2025-04-20 |
| CVE-2017-5947 json | An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the... | 6.8 - MEDIUM | 2018-03-29 | 2021-08-12 |
| CVE-2017-5626 json | OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow t... | Not Provided | 2017-03-12 | 2025-04-20 |
| CVE-2017-5625 json | In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dum... | Not Provided | 2017-04-25 | 2025-04-20 |
| CVE-2017-5624 json | An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootlo... | Not Provided | 2017-03-12 | 2025-04-20 |
| CVE-2017-5623 json | An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the dev... | Not Provided | 2017-03-19 | 2025-04-20 |
| CVE-2017-5622 json | With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adb... | Not Provided | 2017-03-26 | 2025-04-20 |
| CVE-2017-5554 json | An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastb... | 8.1 - HIGH | 2017-01-23 | 2019-10-03 |
| CVE-2016-10370 json | An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP with... | Not Provided | 2017-05-11 | 2025-04-20 |
Known software with vulnerabilities from Oneplus
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Oneplus | App Locker | 2020-10-06 |
| Operating System | Oneplus | Oxygenos | 4.0.2 |
| Operating System | Oneplus | Primary Bootloader | - |