VYPR
Vendor

Oneplus

Products
3
CVEs
15
Across products
21
Status
Private

Products

3

Recent CVEs

15
  • CVE-2017-11105CriAug 3, 2017
    risk 0.64cvss 9.8epss 0.02

    The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation.

  • CVE-2017-5626CriMar 12, 2017
    risk 0.64cvss 9.8epss 0.03

    OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows…

  • CVE-2017-5624CriMar 12, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not…

  • CVE-2025-10184HigSep 23, 2025
    risk 0.53cvss epss 0.04

    The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to…

  • CVE-2017-5554HigJan 23, 2017
    risk 0.53cvss 8.1epss 0.03

    An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with…

  • CVE-2016-10370HigMay 11, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and…

  • CVE-2017-5947MedMar 29, 2018
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading…

  • CVE-2017-5623MedMar 19, 2017
    risk 0.43cvss 6.6epss 0.00

    An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT…

  • CVE-2017-8851MedMay 11, 2017
    risk 0.38cvss 5.9epss 0.00

    An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers…

  • CVE-2017-8850MedMay 11, 2017
    risk 0.38cvss 5.9epss 0.00

    An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders,…

  • CVE-2017-5948MedMay 11, 2017
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades…

  • CVE-2017-5622MedMar 26, 2017
    risk 0.38cvss 5.9epss 0.00

    With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further…

  • CVE-2017-5625MedApr 25, 2017
    risk 0.30cvss 4.6epss 0.00

    In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump ' fastboot command.

  • CVE-2020-13626Oct 9, 2020
    risk 0.00cvss epss 0.00

    OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.

  • CVE-2020-7958Apr 14, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code.…