oneplus 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact unexpected behavior、vendor impact memory corruption, and アプリケーションクラッシュ などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-26309 | A remote code execution vulnerability in the webview component of OnePlus Store app. | [email protected] | 7.4 | 1.42% | 2023-08-10 | 2024-11-21 |
| CVE-2020-13626 | OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. | [email protected] | 4.6 | 0.05% | 2020-10-09 | 2024-11-21 |
| CVE-2020-7958 | An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android. An attacker who is in the position to | [email protected] | 6.0 | 0.18% | 2020-04-14 | 2024-11-21 |
| CVE-2017-5947 | An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader. | [email protected] | 6.8 | 0.07% | 2018-03-29 | 2024-11-21 |
| CVE-2017-11105 | The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation. | [email protected] | 9.8 | 0.86% | 2017-08-03 | 2026-05-13 |
| CVE-2017-8851 | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the at | [email protected] | 5.9 | 0.09% | 2017-05-11 | 2026-05-13 |
| CVE-2017-8850 | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeti | [email protected] | 5.9 | 0.07% | 2017-05-11 | 2026-05-13 |
| CVE-2017-5948 | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiT | [email protected] | 5.9 | 0.29% | 2017-05-11 | 2026-05-13 |
| CVE-2016-10370 | An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851. | [email protected] | 7.5 | 0.22% | 2017-05-11 | 2026-05-13 |
| CVE-2017-5625 | In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command. | [email protected] | 4.6 | 0.08% | 2017-04-25 | 2026-05-13 |
| CVE-2017-5622 | With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. | [email protected] | 5.9 | 0.06% | 2017-03-26 | 2026-05-13 |
| CVE-2017-5623 | An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked. | [email protected] | 6.6 | 0.05% | 2017-03-19 | 2026-05-13 |
| CVE-2017-5626 | OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code execution with high privileges (kernel/root) with complete access to user data. | [email protected] | 9.8 | 1.66% | 2017-03-12 | 2026-05-13 |
| CVE-2017-5624 | An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation. | [email protected] | 9.8 | 1.84% | 2017-03-12 | 2026-05-13 |
| CVE-2017-5554 | An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive. | [email protected] | 8.1 | 1.58% | 2017-01-23 | 2026-05-13 |