Vulnerability Description
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Legion Phone Pro \(L79031\)Firmware | < 12.5.231 |
| Lenovo | Legion Phone Pro \(L79031\) | - |
| Lenovo | Legion Phone2 Pro \(L70081\) Firmware | < 12.5.632 |
| Lenovo | Legion Phone2 Pro \(L70081\) | - |
Related Weaknesses (CWE)
References
- https://iknow.lenovo.com.cn/detail/dc_199217.htmlVendor Advisory
- https://iknow.lenovo.com.cn/detail/dc_199217.htmlVendor Advisory
FAQ
What is CVE-2021-3720?
CVE-2021-3720 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device ...
How severe is CVE-2021-3720?
CVE-2021-3720 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3720?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Legion Phone Pro \(L79031\)Firmware, Lenovo Legion Phone Pro \(L79031\), Lenovo Legion Phone2 Pro \(L70081\) Firmware, Lenovo Legion Phone2 Pro \(L70081\).