CVE-2021-3720
MEDIUMLenovo Legion Phone Pro and Phone2 Pro Firmware - Unprotected GPS Data Exposure via Time Weather Widget
Title source: llmDescription
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://iknow.lenovo.com.cn/detail/dc_199217.html
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
13.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (2)
lenovo/legion_phone2_pro_\(l70081\)_firmware
< 12.5.632
lenovo/legion_phone_pro_\(l79031\)firmware
< 12.5.231
Published
Nov 12, 2021
Tracked Since
Feb 18, 2026