← back
CVE-2020-12485

CVE-2020-12485

CVSS 5.5 MEDIUMEPSS 0.3%CWE-125
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Nov 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
vivo · The frame touch module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.vivo.com/en/support/security-advisory-detail?id=2