CVE-2017-5622

Name of the Vulnerable Software and Affected Versions OnePlus 3 and 3T versions prior to 4.0.3

Description The issue allows a malicious charger or a physical attacker to open an ADB session with the device without authorization when a charger is connected to a powered-off device. This can be used to further exploit other vulnerabilities and/or exfiltrate sensitive information.

Recommendations For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider disabling ADB when the device is powered off to minimize the risk of exploitation.