CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-5623

MEDIUM
6.6
CVSS Severity Score
EPSS Score0.1220%
EPSS Percentile44.05th
Published2017年3月19日
Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.

Affected Platforms (CPE)

💻
Oneplus

Oxygenos

<= 4.0.3

References & Advisories

🔗 http://www.securityfocus.com/bid/97048
🔗 https://alephsecurity.com/vulns/aleph-2017005
🔗 http://www.securityfocus.com/bid/97048
🔗 https://alephsecurity.com/vulns/aleph-2017005

相关漏洞威胁

CVE-2017-56249.8

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader ...

CVE-2017-56269.8

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the at...

CVE-2017-55548.1

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot m...

CVE-2017-59476.8

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the devi...