CVE-2021-3720

Published: Nov 12, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.

Affected (2)

Products: Lenovo: Legion Phone Pro (l79031)firmware, Legion Phone2 Pro (l70081) Firmware

Lenovo

2 products

Legion Phone Pro (l79031)firmware

Legion Phone2 Pro (l70081) Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Phone Pro (l79031)firmware	Before 12.5.231

Running on/with	Platform Versions
Lenovo Legion Phone Pro (l79031)	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Legion Phone2 Pro (l70081) Firmware	Before 12.5.632

Running on/with	Platform Versions
Lenovo Legion Phone2 Pro (l70081)	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://iknow.lenovo.com.cn/detail/dc_199217.html

Source: psirt@lenovo.com

Vendor Advisory

https://iknow.lenovo.com.cn/detail/dc_199217.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.