CVE-2021-3720

EUVD-2021-27000
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
lenovoCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
lenovolegion_phone_pro_\(l79031\)firmware
𝑥
< 12.5.231
lenovolegion_phone2_pro_\(l70081\)_firmware
𝑥
< 12.5.632
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://iknow.lenovo.com.cn/detail/dc_199217.html
https://iknow.lenovo.com.cn/detail/dc_199217.html