Lucene search

OPPOCVE-2023-26309

HistoryAug 10, 2023 - 9:15 a.m.

CVE-2023-26309

2023-08-1009:15:09

OPPO

web.nvd.nist.gov

cve-2023-26309

remote code execution

webview component

oneplus store app

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

A remote code execution vulnerability in the webview component of OnePlus Store app.

Affected configurations

Nvd

Node

oneplusstoreMatch3.3.0android

VendorProductVersionCPE
oneplusstore3.3.0cpe:2.3:a:oneplus:store:3.3.0:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
oneplus	store	3.3.0	cpe:2.3:a:oneplus:store:3.3.0:::::android::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OnePlus Store",
    "vendor": "OPPO",
    "versions": [
      {
        "status": "affected",
        "version": "3.3.0"
      }
    ]
  }
]

References

security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Related for CVE-2023-26309