Improper Permission Control in WiFi Module Affects Vivo Devices
CVE-2021-26278

6.3MEDIUM

Key Information:

Vendor: Vivo
Status: Wifi
Vendor: CVE Published:; 17 December 2024

What is CVE-2021-26278?

CVE-2021-26278 is a critical vulnerability affecting the WiFi module of certain Vivo devices. This vulnerability arises from improper permission controls, which can leak sensitive information about the device and potentially expose user data to unauthorized access. This issue underscores the need for stringent security measures in software development, particularly concerning wireless communication modules. Users are advised to check for updates and apply necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Wifi Versions earlier than Android 10

References

https://www.vivo.com/en/support/security-advisory-detail?...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2024
Vulnerability Reserved
Jan 27, 2021