Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

OPPO

Source -

CNA

BOS Name -

N/A

CNA CVEs -

11

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
11Vulnerabilities found
CVE-2026-22069
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.64%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 02:47
Updated-19 May, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
O+ Connect Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

Action-Not Available
Vendor-OPPO
Product-O+ Connect
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-22070
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.1||HIGH
EPSS-0.04% / 14.31%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 08:27
Updated-05 May, 2026 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColorOS Assistant Path Traversal Vulnerability

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

Action-Not Available
Vendor-oppoOPPO
Product-coloros_assistantColorOS Assistant
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-22077
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-5.6||MEDIUM
EPSS-0.01% / 2.61%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 06:37
Updated-19 May, 2026 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.

Action-Not Available
Vendor-OPPO
Product-OPPO Wallet APP
CWE ID-CWE-346
Origin Validation Error
CVE-2025-27388
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-8.3||HIGH
EPSS-0.73% / 73.04%
||
7 Day CHG+0.45%
Published-14 Aug, 2025 | 07:15
Updated-14 Aug, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary URL Loading in WebView Leading to Token Leakage Risk

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.

Action-Not Available
Vendor-OPPO
Product-OPPO HEALTH APP
CWE ID-CWE-20
Improper Input Validation
CVE-2025-27387
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-0.14% / 33.41%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 09:28
Updated-06 Jan, 2026 | 06:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPO Clone Phone uses weak WPA passphrase as only means of security

OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.

Action-Not Available
Vendor-OPPO
Product-ColorOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1609
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-8.7||HIGH
EPSS-0.10% / 26.88%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 03:14
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPO Store APP has a WebView component privilege escalation vulnerability.

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.

Action-Not Available
Vendor-OPPO
Product-OPPP Store
CWE ID-CWE-287
Improper Authentication
CVE-2024-1610
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-8.7||HIGH
EPSS-0.80% / 74.46%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 06:18
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPO Store app include remote account token hijacking and sensitive information leakage

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

Action-Not Available
Vendor-OPPO
Product-OPPO Store APP
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-287
Improper Authentication
CVE-2024-1608
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 47.30%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 09:09
Updated-02 Apr, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPO Usercenter Credit sdk

In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.

Action-Not Available
Vendor-oppoOPPOoppo
Product-usercenter_credit_software_development_kitUsercenter Credit sdkusercenter_credit_sdk
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2023-26311
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-1.42% / 81.00%
||
7 Day CHG+0.09%
Published-10 Aug, 2023 | 10:32
Updated-08 Oct, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A remote code execution vulnerability in the webview component of OPPO Store app.

A remote code execution vulnerability in the webview component of OPPO Store app.

Action-Not Available
Vendor-oppoOPPO
Product-oppo_storeOPPO Store
CVE-2023-26309
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-1.42% / 81.00%
||
7 Day CHG+0.09%
Published-10 Aug, 2023 | 08:34
Updated-08 Oct, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A remote code execution vulnerability in the webview component

A remote code execution vulnerability in the webview component of OnePlus Store app.

Action-Not Available
Vendor-oneplusOPPO
Product-storeOnePlus Store
CVE-2023-26310
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-0.37% / 59.15%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 06:13
Updated-09 Oct, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection In OPPO Service

There is a command injection problem in the old version of the mobile phone backup app.

Action-Not Available
Vendor-oppoOPPO
Product-colorosfind_x3OPPO Find X3
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')