Sensitive Information Disclosure in Lenovo Android Browsers
CVE-2023-6540

6.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Lenovo Browser Mobile; Lenovo Browser HD
Vendor: CVE Published:; 3 January 2024

Summary

A vulnerability exists in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android, which could be exploited by attackers to create a malicious payload. This could lead to the unauthorized disclosure of sensitive information from users, posing potential risks to their privacy and security. Users of affected versions are advised to stay updated and follow recommended mitigation practices.

Affected Version(s)

Lenovo Browser HD < 2.1.4.1

Lenovo Browser Mobile < 8.7.1.1

References

https://iknow.lenovo.com.cn/detail/419251

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Dec 5, 2023

Credit

Lenovo thanks CNVD for reporting this vulnerability