CVE-2024-13186

CVE-2024-13186 is a vulnerability in the MinigameCenter module stemming from insufficient restrictions on loading URLs, which can result in information leakage. This issue is tied to software from Vivo, as detailed in their security advisory. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is classified under CWE-306 (Missing Authentication for Critical Function). It was published on 2025-01-08.

The attack scenario involves unauthenticated remote attackers who can exploit the flaw over the network with low attack complexity and no user interaction required. Exploitation enables high-impact confidentiality violations, allowing attackers to access leaked information without compromising system integrity or availability.

Vivo has published a security advisory addressing this vulnerability, available at https://www.vivo.com/en/support/security-advisory-detail?id=16, which security practitioners should consult for details on patches and mitigation steps.