Vulnerability Details CVE-2020-13626
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.4%
CVSS Severity
CVSS v3 Score 4.6
CVSS v2 Score 2.1
References
- https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5
- https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker
- https://medium.com/%40bugsbunnyy1107/the-tell-tale-of-cve-in-oneplus-phones-91e97342a8b5
- https://support.oneplus.com/app/answers/detail/a_id/301/~/how-to-use-app-locker
Products affected by CVE-2020-13626
-
cpe:2.3:a:oneplus:app_locker:2020-10-06