Security Advisory | Broken Access Control Vulnerability in Jovi Smart Scene
Original release date: 2021-03-24 | Last release date: 2021-07-20
CVE ID
CVE-2020-12488
CVSS 3.1 Base Score
5.5 Medium (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Description
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
Software Versions and Fixes
- Software Affected Version Fixed Version
- Jovi Smart Scene Versions earlier than 6.2.2.5 Upgrade to 6.2.2.52 or later
Temporary Fix
NA
Obtaining Fixed Software
The vulnerability can be fixed by updating the Jovi Smart Scene.
Source
WuHeng Lab of Bytedance
Update Records
2020-03-22 V1.0 INITIAL
2021-07-20 V2.0 Corrected the source
2021-07-20 V2.0 Corrected the source
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.