Description
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.
Published: 2026-06-12
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The PcSuite authentication flaw allows attackers to gain unauthorized access to the victim’s device through a defect in the Bluetooth authentication mechanism. Identified as CWE‑306 (Incorrect Authentication), the weakness enables an attacker to bypass access controls and access or modify device data, potentially leading to broader compromise. This represents a severe privacy and security violation.

Affected Systems

The vulnerability affects vivo’s PcSuite application. Because no specific version ranges are supplied in the advisory, all installations of PcSuite that have not applied the vendor’s forthcoming resolution may be susceptible.

Risk and Exploitability

The CVSS score of 9.4 indicates very high severity. The EPSS score is not available, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is proximity‑based Bluetooth interaction; an attacker must be within the operational range of the Bluetooth connection to exploit the flaw. The risk is significant but the exploit probability remains unclear without further data.

Generated by OpenCVE AI on June 12, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install the latest PcSuite update that addresses the authentication defect once it is released by vivo.
  • When Bluetooth is not required, disable it on the device to eliminate the attack surface for this flaw.
  • Limit PcSuite’s Bluetooth permissions to restrict access to only essential data and operations, reducing the amount of information that could be leaked.

Generated by OpenCVE AI on June 12, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Vivo
Vivo pcsuite
Vendors & Products Vivo
Vivo pcsuite

Fri, 12 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Title Bluetooth Authentication Defect Causes Information Leakage in vivo PcSuite

Fri, 12 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection. An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

 cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H'}

Fri, 12 Jun 2026 10:15:00 +0000

Type Values Removed Values Added
Title Bluetooth Authentication Defect Causes Information Leakage in vivo PcSuite

Fri, 12 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Description The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection.
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Vivo Pcsuite
cve-icon MITRE

Status: PUBLISHED

Assigner: Vivo

Published:

Updated: 2026-06-12T13:52:08.489Z

Reserved: 2026-06-08T01:15:07.351Z

Link: CVE-2026-11535

cve-icon Vulnrichment

Updated: 2026-06-12T13:51:30.546Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T09:16:28.497

Modified: 2026-06-12T16:06:47.720

Link: CVE-2026-11535

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:20:59Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function