Vulnerability Details CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.1%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 7.2
References
Products affected by CVE-2017-5623
-
cpe:2.3:h:oneplus:oneplus_3:-
-
cpe:2.3:h:oneplus:oneplus_3t:-
-
cpe:2.3:o:oneplus:oxygenos:3.2.8
-
cpe:2.3:o:oneplus:oxygenos:3.5.4
-
cpe:2.3:o:oneplus:oxygenos:4.0.2
-
cpe:2.3:o:oneplus:oxygenos:4.0.3