O Connect
Monthly
Local privilege escalation in OPPO's O+ Connect arises because its inter-process communication (IPC) service accepts client connections without authenticating them, letting any external application on the same device invoke privileged operations through the IPC channel. With CVSS 7.3 (scope-changed, high availability impact) and CWE-266 incorrect privilege assignment, a low-privileged local process can perform sensitive actions it should not be authorized for. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in OPPO's O+ Connect application stems from missing caller identity validation on a named pipe interface (CWE-266), allowing a low-privileged local user with user interaction to escalate to higher privileges with high availability impact and scope change. The CVSS 3.1 score is 7.3 and the issue was reported by OPPO itself; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Local privilege escalation in OPPO's O+ Connect arises because its inter-process communication (IPC) service accepts client connections without authenticating them, letting any external application on the same device invoke privileged operations through the IPC channel. With CVSS 7.3 (scope-changed, high availability impact) and CWE-266 incorrect privilege assignment, a low-privileged local process can perform sensitive actions it should not be authorized for. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in OPPO's O+ Connect application stems from missing caller identity validation on a named pipe interface (CWE-266), allowing a low-privileged local user with user interaction to escalate to higher privileges with high availability impact and scope change. The CVSS 3.1 score is 7.3 and the issue was reported by OPPO itself; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.