CVE-2025-4371 | THREATINT

Description

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.

PUBLISHED Reserved 2025-05-05 | Published 2025-08-18 | Updated 2025-08-19 | Assigner lenovo

HIGH: 7.0CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-347: Improper Verification of Cryptographic Signature

Product status

Default status

unaffected

Any version before 4.8.0

affected

Default status

unaffected

Any version before 4.8.0

affected

Credits

Lenovo thanks Mickey Shkatov and Jesse Michael of Eclypsium for reporting this issue. finder

References

support.lenovo.com/us/en/product_security/LEN-194466

cve.org (CVE-2025-4371)

nvd.nist.gov (CVE-2025-4371)

Download JSON

help @ threatint.eu