CVE-2020-13626

MEDIUM

OnePlus App Locker < 2020-10-06 - Missing Authorization via Google Assistant

Title source: llm
STIX 2.1

Description

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.

References (2)

Core 2

Scores

CVSS v3 4.6
EPSS 0.0032
EPSS Percentile 23.4%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
oneplus/app_locker < 2020-10-06
Published Oct 09, 2020
Tracked Since Feb 18, 2026