CyberSec.Space Logo
Back to CVE Browser

CVE-2017-5622

MEDIUM
5.9
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile21.88th
PublishedMar 26, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.

Affected Platforms (CPE)

πŸ’»
Oneplus

Oxygenos

<= 4.0.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/97092
πŸ”— https://alephsecurity.com/vulns/aleph-2017004
πŸ”— http://www.securityfocus.com/bid/97092
πŸ”— https://alephsecurity.com/vulns/aleph-2017004

Related Vulnerabilities

CVE-2017-56249.8

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader ...

CVE-2017-56269.8

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the at...

CVE-2017-55548.1

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot m...

CVE-2017-59476.8

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the devi...