Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
911025.0%CRITICAL

Related CVEs

11
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-15515The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakageMEDIUM6.97.1%Mar 13, 2026
CVE-2025-15567Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.MEDIUM5.13.3%Feb 27, 2026
CVE-2025-15509The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.HIGH7.116.2%Feb 27, 2026
CVE-2021-26277The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.CRITICAL9.8Feb 17, 2023
CVE-2020-12488The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.MEDIUM5.510.1%Nov 10, 2021
CVE-2020-12483The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.MEDIUM6.147.6%Mar 23, 2021
CVE-2020-12485The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.MEDIUM5.517.6%Nov 10, 2020
CVE-2018-15000The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0). This app contains an exported service named com.vivo.smartshot.ui.service.ScreenRecordService that will record the screen for 60 minutes and write the mp4 file to a location of the user's choosing. Normally, a recording notification will be visible to the user, but we discovered an approach to make it mostly transparent to the user by quickly removing a notification and floating icon. The user can see a floating icon and notification appear and disappear quickly due to quickly stopping and restarting the service with different parameters that do not interfere with the ongoing screen recording. The screen recording lasts for 60 minutes and can be written directly to the attacking app's private directory.NONE27.9%Apr 25, 2019
CVE-2018-15002The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) that contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties with the persist.* prefix can be set which will survive a reboot. On the Vivo V7 device, when the persist.sys.input.log property is set to have a value of yes, the user's screen touches be written to the logcat log by the InputDispatcher for all apps. The system-wide logcat log can be obtained from external storage via a different known vulnerability on the device. The READ_EXTERNAL_STORAGE permission is necessary to access the log files containing the user's touch coordinates. With some effort, the user's touch coordinates can be mapped to key presses on a keyboard.NONE21.3%Dec 28, 2018
CVE-2018-15001The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files.NONE31.4%Dec 28, 2018
CVE-2017-17463Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.NONE67.9%Dec 8, 2017