Description
The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage
Published: 2026-03-13
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Leakage
Action: Patch
AI Analysis

Impact

The vulnerability is a missing authentication mechanism in the EasyShare module, which can lead to data leakage if specific conditions on a local network are met. The weakness is identified as CWE‑306 (Missing Authentication for a Function or Operation). This flaw may allow a local attacker to access sensitive data stored or transmitted by the EasyShare feature, thereby compromising confidentiality but not impacting system integrity or availability.

Affected Systems

The affected product is vivo EasyShare, a feature in vivo devices. Affected versions are not explicitly enumerated in the vendor data; therefore, all currently deployed EasyShare implementations should be considered at risk until the vendor issues a fixed version.

Risk and Exploitability

The CVSS base score is 6.9 (medium). EPSS indicates the probability of exploitation is less than 1 %, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is local network based on the description, which suggests that an attacker with local network access could exploit the flaw. Immediate patching is recommended since the vulnerability could expose sensitive data.

Generated by OpenCVE AI on March 19, 2026 at 14:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the official vivo security advisory (https://www.vivo.com/en/support/security-advisory-detail?id=21) for an available patch or update for the EasyShare module.
  • Apply any released vendor patch or update to the EasyShare firmware/software.
  • If a patch is not yet available, monitor local network traffic for unauthorized data transmission and restrict access to the EasyShare feature until an update is applied.

Generated by OpenCVE AI on March 19, 2026 at 14:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
Title Authentication bypass in EasyShare leading to local network data leakage

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Vivo
Vivo easyshare
Vendors & Products Vivo
Vivo easyshare

Fri, 13 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 07:00:00 +0000

Type Values Removed Values Added
Description The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Vivo Easyshare
cve-icon MITRE

Status: PUBLISHED

Assigner: Vivo

Published:

Updated: 2026-03-13T14:12:55.422Z

Reserved: 2026-01-13T03:21:41.870Z

Link: CVE-2025-15515

cve-icon Vulnrichment

Updated: 2026-03-13T14:12:51.057Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:53:50.557

Modified: 2026-03-16T14:54:11.293

Link: CVE-2025-15515

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:46Z

Weaknesses