Impact
The vulnerability stems from the IPC service in O+ Connect not authenticating its clients. Because external applications can communicate over the IPC channel without verification, they can send privileged commands and perform sensitive actions. This flaw is a classic privilege-escalation vector, as described by CWE-266, allowing a local attacker to gain higher permissions than intended.
Affected Systems
The affected product is O+ Connect from OPPO. No specific product versions are listed in the CVE data, so any installation distributed by OPPO that has not yet been patched may be impacted.
Risk and Exploitability
The CVSS score of 7.3 indicates high severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. The likely attack vector is local, or from an application able to access IPC channels; based on the description, it is inferred that a malicious or compromised app can use the unauthenticated IPC to elevate privileges.