CVE-2020-12483 HIGH

CVE-2020-12483: AppStore Remote Download and Installation Vulnerability

Vendor Vivo
Product appstore
Weakness CWE-601 · Open redirect
Published March 23, 2021
Last update September 16, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.

Key dates

02Disclosure timeline

March 23, 2021 CVE published
September 16, 2024 Record updated