vivo

Home

>

Support

>

Security Advisory

>

Details

Security Advisory | Broken Access Control Vulnerability in Jovi Smart Scene

Original release date: 2021-03-24

CVE ID

CVE-2020-12488

CVSS 3.1 Base Score

5.5 Medium (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Description

The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.

Software Versions and Fixes

Temporary Fix

NA

Obtaining Fixed Software

The vulnerability can be fixed by updating the Jovi Smart Scene.

Source

Qing Zhang from WuHeng Lab of Bytedance

Update Records

2020-03-22 V1.0 初始发布

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.