>

>

Security Advisory

>

Details

Security Advisory | Sensitive information leakage vulnerability in wifi module

Original release date: 2021-06-22 | Last release date: 2021-07-20

CVE ID

CVE-2021-26278

CVSS 3.1 Base Score

6.3 Medium （AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N）

Description

The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.

Software Versions and Fixes

Software Affected Version Fixed Version
The wifi module Versions earlier than Android 10 Upgrade to Android 11 or later

Temporary Fix

NA

Obtaining Fixed Software

The vulnerability can be fixed by upgrading the Android 11 version.

Source

WuHeng Lab of Bytedance

Update Records

2021-06-22 V1.0 INITIAL
2021-07-20 V2.0 Corrected the source

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.