CVE-2020-12484
MEDIUMvivo Wifi < 8.12.0.0 - Missing Authentication for Critical Function
Title source: llmDescription
When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.
References (1)
Core 1
Core References
Various Sources
https://www.vivo.com/en/support/security-advisory-detail?id=3
Scores
CVSS v3
6.4
EPSS
0.0022
EPSS Percentile
12.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
vivo/Wifi
Versions earlier than 8.12.0.0
Published
Dec 17, 2024
Tracked Since
Feb 18, 2026