VYPR
Critical severity9.8NVD Advisory· Published Mar 12, 2017· Updated Jun 17, 2026

CVE-2017-5626

CVE-2017-5626

Description

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code execution with high privileges (kernel/root) with complete access to user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Oneplus/Oxygenos2 versions
    cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*range: <=3.2.8
    • (no CPE)range: <4.0.2
  • Range: <4.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.