VYPR
Medium severity5.9NVD Advisory· Published Mar 26, 2017· Updated Jun 17, 2026

CVE-2017-5622

CVE-2017-5622

Description

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Oneplus/Oxygenos2 versions
    cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*range: <=4.0.2
    • (no CPE)range: <4.0.3
  • Range: <4.0.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.