High severity7.5NVD Advisory· Published May 11, 2017· Updated Jun 17, 2026
CVE-2016-10370
CVE-2016-10370
Description
An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- alephsecurity.com/vulns/aleph-2017022nvdExploitTechnical DescriptionThird Party Advisory
- forums.oneplus.net/threads/ota-and-imei-over-http.453992/nvdVendor Advisory
- www.securityfocus.com/bid/98495nvd
News mentions
0No linked articles in our index yet.