Shodan
Vulnerabilities
Vulnerable Software
Oppo:  Security Vulnerabilities
CVE-2024-1608
In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-02-20
CVE-2023-26311
A remote code execution vulnerability in the webview component of OPPO Store app.
CVSS Score
7.4
EPSS Score
0.01
Published
2023-08-10
CVE-2023-26310
There is a command injection problem in the old version of the mobile phone backup app.
CVSS Score
7.4
EPSS Score
0.005
Published
2023-08-09
CVE-2021-23247
A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine
CVSS Score
9.8
EPSS Score
0.034
Published
2022-04-01
CVE-2021-23246
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-11
CVE-2021-23244
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-12-27
CVE-2021-23243
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-09-27
CVE-2020-11836
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-02-06
CVE-2020-11832
In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-12-31
CVE-2020-11833
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved