Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

OPPO

Source -

CNA

BOS Name -

N/A

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2025-27388
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-8.3||HIGH
EPSS-0.10% / 29.03%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 07:15
Updated-14 Aug, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary URL Loading in WebView Leading to Token Leakage Risk

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.

Action-Not Available
Vendor-OPPO
Product-OPPO HEALTH APP
CWE ID-CWE-20
Improper Input Validation
CVE-2025-27387
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 09:28
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPPO Clone Phone uses weak WPA passphrase as only means of security

OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.

Action-Not Available
Vendor-OPPO
Product-ColorOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1609
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-8.7||HIGH
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 03:14
Updated-26 Dec, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPO Store APP has a WebView component privilege escalation vulnerability.

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.

Action-Not Available
Vendor-OPPO
Product-OPPP Store
CWE ID-CWE-287
Improper Authentication
CVE-2024-1610
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-8.7||HIGH
EPSS-0.17% / 38.42%
||
7 Day CHG+0.02%
Published-18 Dec, 2024 | 06:18
Updated-18 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPO Store app include remote account token hijacking and sensitive information leakage

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

Action-Not Available
Vendor-OPPO
Product-OPPO Store APP
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-1608
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 46.95%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 09:09
Updated-02 Apr, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OPPO Usercenter Credit sdk

In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.

Action-Not Available
Vendor-oppoOPPOoppo
Product-usercenter_credit_software_development_kitUsercenter Credit sdkusercenter_credit_sdk
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2023-26311
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-1.49% / 80.30%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 10:32
Updated-08 Oct, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A remote code execution vulnerability in the webview component of OPPO Store app.

A remote code execution vulnerability in the webview component of OPPO Store app.

Action-Not Available
Vendor-oppoOPPO
Product-oppo_storeOPPO Store
CVE-2023-26309
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-1.49% / 80.30%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 08:34
Updated-08 Oct, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A remote code execution vulnerability in the webview component

A remote code execution vulnerability in the webview component of OnePlus Store app.

Action-Not Available
Vendor-oneplusOPPO
Product-storeOnePlus Store
CVE-2023-26310
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-7.4||HIGH
EPSS-0.51% / 65.43%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 06:13
Updated-09 Oct, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection In OPPO Service

There is a command injection problem in the old version of the mobile phone backup app.

Action-Not Available
Vendor-oppoOPPO
Product-colorosfind_x3OPPO Find X3
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')