>

>

Security Advisory

>

Details

Security Advisory | Incorrect Default Option Setting Vulnerability in Wifi Module

Original release date: 2021-03-24

CVE ID

CVE-2020-12484

CVSS 3.1 Base Score

6.4 Medium （AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N）

Description

When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.

Software Versions and Fixes

Software Affected Version Fixed Version
The wifi module Versions earlier than 8.12.0.0 Upgrade to 8.12.0.0 or later

Temporary Fix

NA

Obtaining Fixed Software

The vulnerability can be fixed by upgrading the Android 10 version.

Source

ByteDance Security Center Zheng Yuwei.

Update Records

2021-3-24 V1.0 INITIAL

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.