Sign-up

ID

VAR-201704-0651


CVE

CVE-2017-5625


TITLE

OnePlus 3 and 3T Run on device OxygenOS In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003605

DESCRIPTION

In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command. OnePlus 3 and 3T Run on device OxygenOS Is NULL A vulnerability related to pointer dereference exists.Information may be obtained. OnePlus3 and 3T are the smartphones of OnePlus. OxygenOS is its own operating system. There are security vulnerabilities in versions of OxygenOS 4.0.3 on OnePlus3 and 3T devices. An unauthorized attacker could exploit the vulnerability to obtain sensitive information on the device

Trust: 2.16

sources: NVD: CVE-2017-5625 // JVNDB: JVNDB-2017-003605 // CNVD: CNVD-2017-06819

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06819

AFFECTED PRODUCTS

vendor:oneplusmodel:oxygenosscope:ltversion:4.0.3

Trust: 1.4

vendor:oneplusmodel:oxygenosscope:lteversion:4.0.2

Trust: 1.0

vendor:oneplusmodel:oxygenosscope:eqversion:4.0.2

Trust: 0.6

sources: CNVD: CNVD-2017-06819 // JVNDB: JVNDB-2017-003605 // CNNVD: CNNVD-201704-1405 // NVD: CVE-2017-5625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5625
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-5625
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06819
value: LOW

Trust: 0.6

CNNVD: CNNVD-201704-1405
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2017-5625
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06819
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-5625
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06819 // JVNDB: JVNDB-2017-003605 // CNNVD: CNNVD-201704-1405 // NVD: CVE-2017-5625

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2017-003605 // NVD: CVE-2017-5625

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-1405

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-1405

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003605

PATCH
title:Top Pageurl:https://oneplus.net/
Trust: 0.8
title:Patch for OnePlus3 and 3TOxygenOS Security Bypass Vulnerability (CNVD-2017-06819)url:https://www.cnvd.org.cn/patchInfo/show/93811
Trust: 0.6
title:OnePlus 3  and 3T OxygenOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69659
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06819 // 
            
            
            
            JVNDB: JVNDB-2017-003605 // 
            
            
            
            CNNVD: CNNVD-201704-1405

EXTERNAL IDS
db:NVDid:CVE-2017-5625
Trust: 3.0
db:JVNDBid:JVNDB-2017-003605
Trust: 0.8
db:CNVDid:CNVD-2017-06819
Trust: 0.6
db:CNNVDid:CNNVD-201704-1405
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06819 // 
            
            
            
            JVNDB: JVNDB-2017-003605 // 
            
            
            
            CNNVD: CNNVD-201704-1405 // 
            
            
            
            NVD: CVE-2017-5625

REFERENCES
url:https://alephsecurity.com/vulns/aleph-2017006
Trust: 3.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5625
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5625
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-06819 // 
            
            
            
            JVNDB: JVNDB-2017-003605 // 
            
            
            
            CNNVD: CNNVD-201704-1405 // 
            
            
            
            NVD: CVE-2017-5625

SOURCES
db:CNVDid:CNVD-2017-06819
db:JVNDBid:JVNDB-2017-003605
db:CNNVDid:CNNVD-201704-1405
db:NVDid:CVE-2017-5625

LAST UPDATE DATE
2025-04-20T23:27:26.334000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-06819date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-003605date:2017-05-31T00:00:00
db:CNNVDid:CNNVD-201704-1405date:2017-04-26T00:00:00
db:NVDid:CVE-2017-5625date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-06819date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-003605date:2017-05-31T00:00:00
db:CNNVDid:CNNVD-201704-1405date:2017-04-26T00:00:00
db:NVDid:CVE-2017-5625date:2017-04-25T16:59:00.230