Oppo

All CVEs

22 total · sorted by risk
  • CVE-2024-1610 · Critical · Dec 18, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

  • CVE-2024-1609 · High · Dec 25, 2024
    risk 0.57 · cvss n/a · epss 0.00

    In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.

  • CVE-2025-27387 · High · Jun 23, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.

  • CVE-2026-22070 · High · Apr 30, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

  • CVE-2026-22077 · Medium · Apr 27, 2026
    risk 0.36 · cvss n/a · epss 0.00

    OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.

  • CVE-2025-27389 · Medium · Dec 5, 2025
    risk 0.33 · cvss n/a · epss 0.00

    A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.

  • CVE-2024-1608 · Feb 20, 2024
    risk 0.00 · cvss n/a · epss 0.00

    In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to a loose permission check. This could lead to application internal information leak without user interaction.

  • CVE-2023-26311 · Aug 10, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A remote code execution vulnerability in the webview component of OPPO Store app.

  • CVE-2021-23247 · Apr 1, 2022
    risk 0.00 · cvss n/a · epss 0.02

    A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine.

  • CVE-2021-23246 · Mar 11, 2022
    risk 0.00 · cvss n/a · epss 0.01

    In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.

  • CVE-2021-37103 · Feb 25, 2022
    risk 0.00 · cvss n/a · epss 0.00

    There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.

  • CVE-2021-23244 · Dec 27, 2021
    risk 0.00 · cvss n/a · epss 0.01

    ColorOS pre-grants dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions. But some apps in the whitelist are not installed, so an attacker can disguise an app with the same package name to obtain dangerous permissions.

  • CVE-2021-23243 · Sep 27, 2021
    risk 0.00 · cvss n/a · epss 0.00

    In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.

  • CVE-2020-11836 · Feb 5, 2021
    risk 0.00 · cvss n/a · epss 0.00

    OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.

  • CVE-2019-3405 · Jan 11, 2021
    risk 0.00 · cvss n/a · epss 0.01

    In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from the wireless, so as to…

  • CVE-2020-11835 · Dec 31, 2020
    risk 0.00 · cvss n/a · epss 0.00

    In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.

  • CVE-2020-11832 · Dec 31, 2020
    risk 0.00 · cvss n/a · epss 0.00

    Functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability.

  • CVE-2020-11831 · Nov 19, 2020
    risk 0.00 · cvss n/a · epss 0.01

    OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.

  • CVE-2020-11830 · Nov 19, 2020
    risk 0.00 · cvss n/a · epss 0.01

    QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.

  • CVE-2020-11829 · Nov 19, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.

  • CVE-2020-11828 · Apr 21, 2020
    risk 0.00 · cvss n/a · epss 0.01

    In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is…

  • CVE-2018-14996 · Apr 25, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named…