National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:oneplus:oxygenos:4.0.3
There are 2 matching records.
Vuln ID Summary CVSS Severity

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader.

Published: March 29, 2018; 02:29:01 PM -04:00
V3: 6.8 MEDIUM
V2: 4.6 MEDIUM

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.

Published: March 19, 2017; 04:59:00 PM -04:00
V3: 6.6 MEDIUM
V2: 7.2 HIGH