Pcsuite
Monthly
Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.
Information disclosure in Vivo PcSuite versions below 6.2.5 allows adjacent attackers within Bluetooth range to bypass an authentication mechanism in a specific function and obtain sensitive data without user interaction. The flaw is tracked as a missing-authentication weakness (CWE-306) reported directly by Vivo and carries a CVSS 4.0 score of 9.4, with no public exploit identified at time of analysis.
Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.
Information disclosure in Vivo PcSuite versions below 6.2.5 allows adjacent attackers within Bluetooth range to bypass an authentication mechanism in a specific function and obtain sensitive data without user interaction. The flaw is tracked as a missing-authentication weakness (CWE-306) reported directly by Vivo and carries a CVSS 4.0 score of 9.4, with no public exploit identified at time of analysis.