CVE-2017-5623

Name of the Vulnerable Software and Affected Versions OxygenOS versions prior to 4.1.0

Description An issue was discovered that allows an attacker to change the boot mode of the device by issuing a specific command, contradicting the Android threat model where the bootloader should not allow security-sensitive operations unless it is unlocked.

Recommendations For OxygenOS versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the fastboot command to minimize the risk of exploitation. Avoid using the fastboot oem boot mode command with parameters such as {rf/wlan/ftm/normal} until the issue is resolved.