CVE-2021-3720
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | Legion Phone Pro (L79031) | unspecified < 12.5.231 | affected |
| Lenovo | Legion Phone2 Pro (L70081) | unspecified < 12.5.632 | affected |
Weaknesses
- CWE-276: CWE-276 Incorrect Default Permissions
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.