Vulnerabilities > Vivo

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2021-26277 Unspecified vulnerability in Vivo Frame Service
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.
network
low complexity
vivo
critical
9.8
2021-11-10 CVE-2020-12488 Exposure of Resource to Wrong Sphere vulnerability in Vivo Jovi Smart Scene 6.2.2.5
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
local
low complexity
vivo CWE-668
5.5
2021-03-23 CVE-2020-12483 Open Redirect vulnerability in Vivo Appstore
The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
network
low complexity
vivo CWE-601
6.1
2020-11-10 CVE-2020-12485 Out-of-bounds Read vulnerability in Vivo Frame Touch Module 10
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.
local
low complexity
vivo CWE-125
5.5
2019-04-25 CVE-2018-15000 Unspecified vulnerability in Vivo V7 Firmware
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0).
local
high complexity
vivo
6.3
2018-12-28 CVE-2018-15002 Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 7.1.2
The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user.
local
high complexity
vivo CWE-532
4.7
2018-12-28 CVE-2018-15001 Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 1.0
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage.
local
low complexity
vivo CWE-532
5.5
2017-12-08 CVE-2017-17463 Information Exposure vulnerability in Vivo Modem Firmware
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.
network
low complexity
vivo CWE-200
7.5