ID

VAR-201705-3184


CVE

CVE-2017-5948


TITLE

Access control vulnerability in multiple OnePlus One devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-004054

DESCRIPTION

An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off). OnePlus One, X, 2, 3, and 3T devices contain an access control vulnerability. The OnePlus One and the other models are smartphones from the Chinese company OnePlus. OxygenOS and HydrogenOS are the company's own operating systems. HydrogenOS OTAs is a system update application in HydrogenOS. There are security vulnerabilities in OxygenOS and HydrogenOS OTAs in several OnePlus products. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This issue affects OnePlus devices running OxygenOS 4.1.3 and prior or HydrogenOS 3.0 and prior.

Trust: 2.52

sources: NVD: CVE-2017-5948 // JVNDB: JVNDB-2017-004054 // CNVD: CNVD-2017-06955 // BID: 98500 // VULMON: CVE-2017-5948

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06955

AFFECTED PRODUCTS

vendor: oneplus model: oxygenos scope: - version: -

Trust: 2.0

vendor: oneplus model: oxygenos scope: eq version: *

Trust: 1.0

vendor: oneplus model: hydrogenos otas scope: - version: -

Trust: 0.6

vendor: oneplus model: - scope: eq version: x0

Trust: 0.3

vendor: oneplus model: oxygenos scope: eq version: 4.1.3

Trust: 0.3

vendor: oneplus model: oxygenos scope: eq version: 4.1.1

Trust: 0.3

vendor: oneplus model: oxygenos scope: eq version: 4.1

Trust: 0.3

vendor: oneplus model: oxygenos scope: eq version: 4.0.3

Trust: 0.3

vendor: oneplus model: oxygenos scope: eq version: 4.0.2

Trust: 0.3

vendor: oneplus model: oxygenos scope: eq version: 4.0.1

Trust: 0.3

vendor: oneplus model: one scope: eq version: 0

Trust: 0.3

vendor: oneplus model: hydrogenos scope: eq version: 3.0

Trust: 0.3

vendor: oneplus model: 3t scope: eq version: 0

Trust: 0.3

vendor: oneplus model: - scope: eq version: 30

Trust: 0.3

vendor: oneplus model: - scope: eq version: 20

Trust: 0.3

sources: CNVD: CNVD-2017-06955 // BID: 98500 // JVNDB: JVNDB-2017-004054 // CNNVD: CNNVD-201705-635 // NVD: CVE-2017-5948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5948
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-5948
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06955
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-635
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-5948
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5948
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-06955
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-5948
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06955 // VULMON: CVE-2017-5948 // JVNDB: JVNDB-2017-004054 // CNNVD: CNNVD-201705-635 // NVD: CVE-2017-5948

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-004054 // NVD: CVE-2017-5948

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-635

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201705-635

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004054

PATCH

title: Top Page url: https://oneplus.net/

Trust: 0.8

title: Awesome CVE PoC url: https://github.com/lnick2023/nicenice

Trust: 0.1

title: Awesome CVE PoC url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title: Awesome CVE PoC url: https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: VULMON: CVE-2017-5948 // JVNDB: JVNDB-2017-004054

EXTERNAL IDS

db: NVD id: CVE-2017-5948

Trust: 3.4

db: JVNDB id: JVNDB-2017-004054

Trust: 0.8

db: CNVD id: CNVD-2017-06955

Trust: 0.6

db: CNNVD id: CNNVD-201705-635

Trust: 0.6

db: BID id: 98500

Trust: 0.4

db: VULMON id: CVE-2017-5948

Trust: 0.1

sources: CNVD: CNVD-2017-06955 // VULMON: CVE-2017-5948 // BID: 98500 // JVNDB: JVNDB-2017-004054 // CNNVD: CNNVD-201705-635 // NVD: CVE-2017-5948

REFERENCES

url:https://alephsecurity.com/vulns/aleph-2017008

Trust: 3.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5948

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-5948

Trust: 0.8

url:https://oneplus.net/

Trust: 0.3

url:https://alephsecurity.com/2017/05/11/oneplus-ota/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/98500

Trust: 0.1

url:https://github.com/lnick2023/nicenice

Trust: 0.1

url:https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: CNVD: CNVD-2017-06955 // VULMON: CVE-2017-5948 // BID: 98500 // JVNDB: JVNDB-2017-004054 // CNNVD: CNNVD-201705-635 // NVD: CVE-2017-5948

CREDITS

Roee Hay of Aleph Research, HCL Technologies

Trust: 0.3

sources: BID: 98500

SOURCES

db: CNVD id: CNVD-2017-06955
db: VULMON id: CVE-2017-5948
db: BID id: 98500
db: JVNDB id: JVNDB-2017-004054
db: CNNVD id: CNNVD-201705-635
db: NVD id: CVE-2017-5948

LAST UPDATE DATE

2025-04-20T23:34:26.233000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-06955 date: 2017-05-18T00:00:00
db: VULMON id: CVE-2017-5948 date: 2019-10-03T00:00:00
db: BID id: 98500 date: 2017-05-11T00:00:00
db: JVNDB id: JVNDB-2017-004054 date: 2017-06-15T00:00:00
db: CNNVD id: CNNVD-201705-635 date: 2019-10-23T00:00:00
db: NVD id: CVE-2017-5948 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD id: CNVD-2017-06955 date: 2017-05-18T00:00:00
db: VULMON id: CVE-2017-5948 date: 2017-05-11T00:00:00
db: BID id: 98500 date: 2017-05-11T00:00:00
db: JVNDB id: JVNDB-2017-004054 date: 2017-06-15T00:00:00
db: CNNVD id: CNNVD-201705-635 date: 2017-05-12T00:00:00
db: NVD id: CVE-2017-5948 date: 2017-05-11T18:29:00.220