vivo 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk open redirect、パス処理の欠陥, and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact memory corruption and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-15515 | The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage | [email protected] | 6.9 | 0.17% | 2026-03-13 | 2026-06-17 |
| CVE-2025-15567 | Insufficient protection mechanisms in the Health Module may lead to partial information disclosure. | [email protected] | 5.1 | 0.13% | 2026-02-27 | 2026-06-17 |
| CVE-2025-15509 | The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage. | [email protected] | 7.1 | 0.25% | 2026-02-27 | 2026-06-17 |
| CVE-2021-26277 | The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | [email protected] | 5.6 | 0.34% | 2023-02-17 | 2026-06-16 |
| CVE-2020-12488 | The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. | [email protected] | 5.5 | 0.20% | 2021-11-10 | 2026-06-16 |
| CVE-2020-12483 | The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | [email protected] | 8.2 | 0.68% | 2021-03-23 | 2026-06-16 |
| CVE-2020-12485 | The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device. | [email protected] | 5.5 | 0.26% | 2020-11-10 | 2026-06-16 |
| CVE-2018-15000 | The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0). This app contains an exported service named com.vivo.smartshot.ui.service.ScreenRecordService that will record the screen for 60 minutes and write the mp4 file to a location of the user's choosing. Normally, a recording notification will be visible to the user, but we discovered an | [email protected] | 6.3 | 0.36% | 2019-04-25 | 2026-06-16 |
| CVE-2018-15002 | The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) that contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties wi | [email protected] | 4.7 | 0.30% | 2018-12-28 | 2026-06-16 |
| CVE-2018-15001 | The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status | [email protected] | 5.5 | 0.40% | 2018-12-28 | 2026-06-16 |
| CVE-2017-17463 | Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. | [email protected] | 7.5 | 1.34% | 2017-12-08 | 2026-06-16 |