← back
CVE-2021-3720

CVE-2021-3720

CVSS 5.5 MEDIUMEPSS 0.2%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Nov 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Lenovo · Legion Phone2 Pro (L70081)Lenovo · Legion Phone Pro (L79031)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://iknow.lenovo.com.cn/detail/dc_199217.html