CVE-2021-3720

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
lenovoCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
lenovolegion_phone_pro_\(l79031\)firmware
𝑥
< 12.5.231
lenovolegion_phone2_pro_\(l70081\)_firmware
𝑥
< 12.5.632
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://iknow.lenovo.com.cn/detail/dc_199217.html
https://iknow.lenovo.com.cn/detail/dc_199217.html