Vulnerability Description
An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oneplus | Oxygenos | All versions |
| Oneplus | Oneplus 3T | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98495
- https://alephsecurity.com/vulns/aleph-2017022ExploitTechnical DescriptionThird Party Advisory
- https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/Vendor Advisory
- http://www.securityfocus.com/bid/98495
- https://alephsecurity.com/vulns/aleph-2017022ExploitTechnical DescriptionThird Party Advisory
- https://forums.oneplus.net/threads/ota-and-imei-over-http.453992/Vendor Advisory
FAQ
What is CVE-2016-10370?
CVE-2016-10370 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to...
How severe is CVE-2016-10370?
CVE-2016-10370 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10370?
Check the references section above for vendor advisories and patch information. Affected products include: Oneplus Oxygenos, Oneplus Oneplus 3T.