Aggregates CVE and security vulnerability intelligence across all vivo-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk open redirect, vendor risk path handling, and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption and vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-15567 | Insufficient protection mechanisms in the Health Module may lead to partial information disclosure. | [email protected] | 5.1 | 0.01% | 2026-02-27 | 2026-03-09 |
| CVE-2025-15509 | The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage. | [email protected] | 7.1 | 0.03% | 2026-02-27 | 2026-03-09 |
| CVE-2021-26277 | The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | [email protected] | 5.6 | 0.43% | 2023-02-17 | 2024-11-21 |
| CVE-2020-12488 | The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. | [email protected] | 5.5 | 0.06% | 2021-11-10 | 2024-11-21 |
| CVE-2020-12483 | The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | [email protected] | 8.2 | 0.23% | 2021-03-23 | 2024-11-21 |
| CVE-2020-12485 | The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device. | [email protected] | 5.5 | 0.04% | 2020-11-10 | 2024-11-21 |
| CVE-2018-15000 | The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0). This app contains an exported service named com.vivo.smartshot.ui.service.ScreenRecordService that will record the screen for 60 minutes and write the mp4 file to a location of the user's choosing. Normally, a recording notification will be visible to the user, but we discovered an | [email protected] | 6.3 | 0.08% | 2019-04-25 | 2024-11-21 |
| CVE-2018-15002 | The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) that contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties wi | [email protected] | 4.7 | 0.06% | 2018-12-28 | 2024-11-21 |
| CVE-2018-15001 | The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status | [email protected] | 5.5 | 0.05% | 2018-12-28 | 2024-11-21 |
| CVE-2017-17463 | Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. | [email protected] | 7.5 | 0.33% | 2017-12-08 | 2026-05-13 |