ADB Access Vulnerability in OnePlus Devices by OnePlus
CVE-2017-5622

5.9MEDIUM

Key Information:

Vendor

Oneplus

Status
Oxygenos
Vendor
CVE Published:
26 March 2017

What is CVE-2017-5622?

Before version 4.0.3 of OxygenOS, OnePlus 3 and 3T devices exhibited a security flaw where connecting a charger while the device was powered off would enable the ADB daemon. This would allow a malicious charger or an attacker with physical access to initiate an ADB session without proper authorization, potentially leading to the exploitation of additional vulnerabilities or the unauthorized extraction of sensitive data from the device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://alephsecurity.com/vulns/aleph-2017004
x_refsource_MISC
http://www.securityfocus.com/bid/97092
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.