Description
The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files
References (1)
Core 1
Core References
Various Sources
https://www.vivo.com/en/support/security-advisory-detail?id=13
Scores
CVSS v4
2.4
EPSS
0.0020
EPSS Percentile
9.6%
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
vivo/Game Extension Engine
versions below 1.2.7.0
Published
Nov 28, 2024
Tracked Since
Feb 18, 2026