VYPR
Medium severity5.3NVD Advisory· Published May 18, 2020· Updated Jun 17, 2026

CVE-2020-12860

CVE-2020-12860

Description

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.