CVE-2021-3720 : What You Need to Know

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) by Lenovo. The vulnerability could allow other applications to access device GPS data.

Understanding CVE-2021-3720

This section will provide insights into the nature and impact of CVE-2021-3720.

What is CVE-2021-3720?

CVE-2021-3720 is an information disclosure vulnerability affecting Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) by Lenovo. The vulnerability allows unauthorized access to the device's GPS data.

The Impact of CVE-2021-3720

The medium severity vulnerability with a base score of 5.5 can lead to high confidentiality impact on affected devices.

Technical Details of CVE-2021-3720

Explore the technical aspects of this vulnerability to understand its implications.

Vulnerability Description

The vulnerability allows other applications to access GPS data on Legion Phone Pro and Legion Phone2 Pro, posing a risk to user privacy.

Affected Systems and Versions

Legion Phone Pro (L79031) versions less than 12.5.231 and Legion Phone2 Pro (L70081) versions less than 12.5.632 are affected by this vulnerability.

Exploitation Mechanism

The vulnerability can be exploited by malicious applications to retrieve GPS data from the affected devices.

Mitigation and Prevention

Learn how to protect your devices and data from CVE-2021-3720.

Immediate Steps to Take

For Legion Phone Pro (L79031), update to version 12.5.231 or later. For Legion Phone2 Pro (L70081), update to version 12.5.632 or later.

Long-Term Security Practices

Regularly update your device's software and monitor for security patches to prevent similar vulnerabilities.

Patching and Updates

Check for system updates wirelessly via Settings > My Phone > System Update. Follow on-screen instructions to download, install, and restart your device after updating.