Description
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-15374
Scores
CVSS v3
9.8
EPSS
0.0452
EPSS Percentile
89.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
lenovo/service_framework
Lenovo Group Ltd./Service Framework application
various versions
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026