Vivvo
Products
5- 14 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11535 | Cri | 0.61 | — | 0.00 | Jun 12, 2026 | An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device. | ||
| CVE-2024-13186 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2025 | The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | ||
| CVE-2024-13185 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2025 | The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | ||
| CVE-2024-13173 | Hig | 0.49 | 7.5 | 0.00 | Jan 8, 2025 | The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. | ||
| CVE-2017-17463 | Hig | 0.49 | 7.5 | 0.01 | Dec 8, 2017 | Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. | ||
| CVE-2021-26278 | Med | 0.41 | 6.3 | 0.00 | Dec 17, 2024 | The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device. | ||
| CVE-2025-15515 | Med | 0.36 | 5.5 | 0.00 | Mar 13, 2026 | The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage | ||
| CVE-2026-12058 | Med | 0.34 | — | 0.00 | Jun 12, 2026 | The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. | ||
| CVE-2009-3787 | 0.04 | — | 0.07 | Oct 26, 2009 | files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. | |||
| CVE-2020-12488 | 0.00 | — | 0.00 | Nov 10, 2021 | The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. | |||
| CVE-2020-12483 | 0.00 | — | 0.01 | Mar 23, 2021 | The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | |||
| CVE-2018-15000 | 0.00 | — | 0.00 | Apr 25, 2019 | The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0). This app contains an exported service named… | |||
| CVE-2018-15001 | 0.00 | — | 0.00 | Dec 28, 2018 | The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named… | |||
| CVE-2018-15002 | 0.00 | — | 0.00 | Dec 28, 2018 | The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2)… | |||
| CVE-2008-6801 | 0.00 | — | 0.00 | May 7, 2009 | Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2009-0466 | 0.00 | — | 0.01 | Feb 10, 2009 | Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response. |
- risk 0.61cvss —epss 0.00
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.
- risk 0.49cvss 7.5epss 0.00
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.
- risk 0.49cvss 7.5epss 0.00
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.
- risk 0.49cvss 7.5epss 0.00
The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.
- risk 0.49cvss 7.5epss 0.01
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.
- risk 0.41cvss 6.3epss 0.00
The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.
- risk 0.36cvss 5.5epss 0.00
The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage
- risk 0.34cvss —epss 0.00
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
- CVE-2009-3787Oct 26, 2009risk 0.04cvss —epss 0.07
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
- CVE-2020-12488Nov 10, 2021risk 0.00cvss —epss 0.00
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
- CVE-2020-12483Mar 23, 2021risk 0.00cvss —epss 0.01
The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
- CVE-2018-15000Apr 25, 2019risk 0.00cvss —epss 0.00
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0). This app contains an exported service named…
- CVE-2018-15001Dec 28, 2018risk 0.00cvss —epss 0.00
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named…
- CVE-2018-15002Dec 28, 2018risk 0.00cvss —epss 0.00
The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2)…
- CVE-2008-6801May 7, 2009risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2009-0466Feb 10, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response.