Boot Mode Manipulation in OnePlus Devices by OxygenOS
CVE-2017-5623

6.6MEDIUM

Key Information:

Vendor

Oneplus

Status
Oxygenos
Vendor
CVE Published:
19 March 2017

What is CVE-2017-5623?

An issue has been detected in OxygenOS prior to version 4.1.0 on OnePlus 3 and 3T smartphones. This vulnerability enables an attacker to alter the device's boot mode using the 'fastboot oem boot_mode {rf/wlan/ftm/normal}' command. This action contradicts the intended security model of Android, which prohibits any security-sensitive operations from being executed unless the bootloader is in an unlocked state. As a result, this vulnerability presents significant security risks to users by allowing unauthorized changes to the device's critical boot processes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://alephsecurity.com/vulns/aleph-2017005
x_refsource_MISC
http://www.securityfocus.com/bid/97048
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.