CVE-2021-3720

Summary

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.

Affected Software

VendorProductVersion RangeStatus
LenovoLegion Phone Pro (L79031)unspecified < 12.5.231affected
LenovoLegion Phone2 Pro (L70081)unspecified < 12.5.632affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References