
CVE-2025-27387 – OPPO Clone Phone uses weak WPA passphrase as only means of security
https://notcve.org/view.php?id=CVE-2025-27387
23 Jun 2025 — OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1937080145974403072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-26310 – Command Injection In OPPO Service
https://notcve.org/view.php?id=CVE-2023-26310
09 Aug 2023 — There is a command injection problem in the old version of the mobile phone backup app. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2021-23246
https://notcve.org/view.php?id=CVE-2021-23246
11 Mar 2022 — In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1502209104851247104

CVE-2021-23244
https://notcve.org/view.php?id=CVE-2021-23244
27 Dec 2021 — ColorOS pre-grants dangerous permissions to apps that are listed in a whitelist XML file named default-grant-permissions. But some apps in the whitelist are not installed, so an attacker can disguise an app with the same package name to obtain dangerous permissions. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976

CVE-2020-11829
https://notcve.org/view.php?id=CVE-2020-11829
19 Nov 2020 — Dynamic loading of services in the backup and restore SDK leads to elevated privileges; the affected product is com.coloros.codebook V2.0.0_5493e40_200722. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696

CVE-2020-11828
https://notcve.org/view.php?id=CVE-2020-11828
21 Apr 2020 — In ColorOS (the OPPO mobile phone operating system, based on AOSP frameworks/native, code location /services/surfaceflinger, surfaceflinger.CPP), RGB is defined on the stack but not initialized, so when the screenShot function assigns the RGB value, the uninitialized value is returned to the attacker, leaking values from the stack. Attackers can use the vulnerability to bypass ASLR. • https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033 • CWE-908: Use of Uninitialized Resource