CVE-2025-14058
2.4
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | Tab M11 TB330FU TB330XU | 0 < 17.0.284 | affected |
| Lenovo | Tab K11 TB330FU | 0 < 17.0.284 | affected |
| Lenovo | Tab K11 TB330FUP | 0 < 17.0.254 | affected |
| Lenovo | Tab K11 TB330XU | 0 < 17.0.084 | affected |
| Lenovo | Tab K11 TB330XUP | 0 < 17.0.254 | affected |
| Lenovo | Idea Tab Pro TB373FU | 0 < ZUI_17.0.04.266_ST_251120 | affected |
| Lenovo | Tab K9 TB305FU | 0 < 17.0.10.118 | affected |
| Lenovo | Tab K9 TB305XU | 0 < 17.0.10.098 | affected |
| Lenovo | Tab Plus TB351FU | 0 < 17.5.10.023 | affected |
| Lenovo | Tab M8 4th Gen 2024 TB301FU | 0 < TB301FU_USR_S000126_250919_MP1V1111_ROW | affected |
| Lenovo | Tab M8 4th Gen 2024 TB301XU | 0 < TB301XU_USR_S000147_250919_MP1V1111_ROW | affected |
| Lenovo | Tab Extreme TB570ZU TB570FU | 0 < 17.5.184 | affected |
| Lenovo | Tab M10 5G TB360ZU | 0 < 16.0.882 | affected |
| Lenovo | Tab M8 4th Gen TB300FU | 0 < TB300XU_USR_S100149_250919_MP1V1111_ROW | affected |
| Lenovo | Tab M8 4th Gen TB300XU | 0 < TB300FU_USR_S100122_250919_MP1V1111_ROW | affected |
| Lenovo | Tab M9 TB310FU | 0 < TB310XU_USR_S000913_2510021921_mp1V969_ROW | affected |
| Lenovo | Tab M9 TB310XU | 0 < TB310FU_USR_S000912_2510022135_mp1V969_ROW | affected |
| Lenovo | Tab P11 2nd Gen TB350XU | 0 < TB350FU_USER_S231044_2601050946 | affected |
| Lenovo | Tab P11 2nd Gen TB350FU | 0 < TB350XU_USER_S231018_2601050930 | affected |
| Lenovo | Tab P12 TB370FU | 0 < 17.0.267 | affected |
| Lenovo | Tab P12 TB372FU | 0 < 17.0.267 | affected |
| Lenovo | Tab K11 Plus LTE TB352FU | 0 < 17.0.10.250 | affected |
| Lenovo | Tab K11 Plus LTE TB352XU | 0 < 17.0.10.242 | affected |
| Lenovo | Yoga Tab Plus TB520FU | 0 < 17.5.10.036 | affected |
| Lenovo | Tab K11 Gen 2 TB336ZU | 0 < 17.0.10.541 | affected |
| Lenovo | TAB7 | 0 < 17.0.10.541 | affected |
| Lenovo | Lenovo Tab with Clear Case TB311FU | 0 < 17.0.30.303 | affected |
| Lenovo | Lenovo Tab with Folio Case TB311XU | 0 < 17.0.31.259 | affected |
| Lenovo | Legion Tab TB321FU | 0 < 17.5.10.031 | affected |
| Lenovo | Legion Tab TB320FC | 0 < 17.0.339 | affected |
| Lenovo | Idea Tab TB336FU | 0 < 17.5.10.041 | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.