20 results (0.008 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-27387 – OPPPO Clone Phone uses weak WPA passphrase as only means of security

https://notcve.org/view.php?id=CVE-2025-27387

23 Jun 2025 — OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1937080145974403072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-1609 – OPPO Store APP has a WebView component privilege escalation vulnerability.

https://notcve.org/view.php?id=CVE-2024-1609

25 Dec 2024 — In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. En la aplicación OPPOStore para iOS, existe una posible escalada de privilegios debido a una validación de entrada incorrecta. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704 • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-1610 – OPPO Store app include remote account token hijacking and sensitive information leakage

https://notcve.org/view.php?id=CVE-2024-1610

18 Dec 2024 — In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704 • CWE-287: Improper Authentication CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-1608 – OPPO Usercenter Credit sdk

https://notcve.org/view.php?id=CVE-2024-1608

20 Feb 2024 — In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. En OPPO Usercenter Credit SDK, existe una posible escalada de privilegios debido a una verificación de permisos suelta, lo que podría provocar una fuga de información interna de la aplicación sin interacción del usuario. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

CVE-2023-26311 – A remote code execution vulnerability in the webview component of OPPO Store app.

https://notcve.org/view.php?id=CVE-2023-26311

10 Aug 2023 — A remote code execution vulnerability in the webview component of OPPO Store app. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689584995217448960 •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-26310 – Command Injection In OPPO Service

https://notcve.org/view.php?id=CVE-2023-26310

09 Aug 2023 — There is a command injection problem in the old version of the mobile phone backup app. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

CVE-2021-23247

https://notcve.org/view.php?id=CVE-2021-23247

01 Apr 2022 — A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine Una vulnerabilidad de inyección de comandos encontrada en quick game engine permite código remoto arbitrario en la aplicación rápida. Permite a atacantes remotos conseguir una ejecución de código arbitrario en el motor de quick game • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-23246

https://notcve.org/view.php?id=CVE-2021-23246

11 Mar 2022 — In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. En ACE2 ColorOS11, el atacante puede obtener el nombre del paquete en primer plano mediante la promoción de permisos, resultando en una divulgación de información del usuario • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1502209104851247104 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23244

https://notcve.org/view.php?id=CVE-2021-23244

27 Dec 2021 — ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. ColorOS preconcede permisos peligrosos a las aplicaciones que figuran en una lista blanca xml denominada default-grant-permissions.Pero algunas aplicaciones de la lista blanca no están instaladas, el atacante puede disfrazar la aplicación con el mismo nombre de paque... • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976 •

CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0

CVE-2021-23243

https://notcve.org/view.php?id=CVE-2021-23243

27 Sep 2021 — In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. En la aplicación de la batería de Oppo, el SDK de terceros proporciona la función de cargar un proveedor de terceros, que puede ser usada • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1437389627236556800 •