Security Advisory | Incorrect Default Option Setting Vulnerability in Wifi Module
Original release date: 2021-03-24
CVE ID
CVE-2020-12484
CVSS 3.1 Base Score
6.4 Medium (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
Description
When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.
Software Versions and Fixes
- Software Affected Version Fixed Version
- The wifi module Versions earlier than 8.12.0.0 Upgrade to 8.12.0.0 or later
Temporary Fix
NA
Obtaining Fixed Software
The vulnerability can be fixed by upgrading the Android 10 version.
Source
ByteDance Security Center Zheng Yuwei.
Update Records
2021-3-24 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.