PT-2017-3176 · Oneplus · Oxygenos

Roee Hay · Published 2017-03-01 · Updated 2019-10-03 · CVE-2017-5626

CVSS v2.0

10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OxygenOS versions prior to 4.0.2

Description

The issue is related to insufficient access control in OxygenOS, allowing an attacker to exploit hidden fastboot oem commands (4F500301 and 4F500302) to lock or unlock the bootloader without user confirmation or a factory reset. This enables persistent code execution with high privileges, providing complete access to user data. The exploitation can lead to an attacker gaining root privileges and disclosing protected information by replacing the system partition with a malicious one.

Recommendations

For OxygenOS versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the fastboot oem commands (4F500301 and 4F500302) to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

BDU:2017-02592
CVE-2017-5626

Affected Products

Oxygenos