Known Vulnerabilities for products from Oneplus
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Oneplus".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-26309 | A remote code execution vulnerability in the webview component of OnePlus Store app. | 9.8 - CRITICAL | 2023-08-10 | 2023-08-15 |
| CVE-2020-13626 | OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorizatio... | 4.6 - MEDIUM | 2020-10-09 | 2023-11-07 |
| CVE-2020-7958 | An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that a... | 6 - MEDIUM | 2020-04-14 | 2021-07-21 |
| CVE-2017-11105 | The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certi... | 9.8 - CRITICAL | 2017-08-03 | 2019-10-03 |
| CVE-2017-8851 | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, th... | 5.9 - MEDIUM | 2017-05-11 | 2019-10-03 |
| CVE-2017-8850 | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, a... | 5.9 - MEDIUM | 2017-05-11 | 2019-10-03 |
| CVE-2017-5948 | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks.... | 5.9 - MEDIUM | 2017-05-11 | 2019-10-03 |
| CVE-2017-5947 | An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the... | 6.8 - MEDIUM | 2018-03-29 | 2021-08-12 |
| CVE-2017-5626 | OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow t... | 9.8 - CRITICAL | 2017-03-12 | 2019-10-03 |
| CVE-2017-5625 | In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dum... | 4.6 - MEDIUM | 2017-04-25 | 2017-05-05 |
| CVE-2017-5624 | An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootlo... | 9.8 - CRITICAL | 2017-03-12 | 2019-10-03 |
| CVE-2017-5623 | An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the dev... | 6.6 - MEDIUM | 2017-03-19 | 2019-10-03 |
| CVE-2017-5622 | With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adb... | 5.9 - MEDIUM | 2017-03-26 | 2019-10-03 |
| CVE-2017-5554 | An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastb... | 8.1 - HIGH | 2017-01-23 | 2019-10-03 |
| CVE-2016-10370 | An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP with... | 7.5 - HIGH | 2017-05-11 | 2017-05-23 |
Known software with vulnerabilities from Oneplus
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Oneplus | App Locker | 2020-10-06 |
| Operating System | Oneplus | Oxygenos | 4.0.2 |
| Operating System | Oneplus | Primary Bootloader | - |