CVE-2025-4371

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-194466

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se informó de una posible vulnerabilidad en las cámaras web Lenovo 510 FHD y Performance FHD que podría permitir a un atacante con acceso físico escribir actualizaciones de firmware arbitrarias en el dispositivo a través de una conexión USB.

18 Aug 2025, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-18 20:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-4371

Mitre link : CVE-2025-4371

CVE.ORG link : CVE-2025-4371

JSON object : View

Products Affected

No product.

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2025-4371", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-18T20:15:29.407", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-194466", "source": "psirt@lenovo.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@lenovo.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection."}, {"lang": "es", "value": "Se inform\u00f3 de una posible vulnerabilidad en las c\u00e1maras web Lenovo 510 FHD y Performance FHD que podr\u00eda permitir a un atacante con acceso f\u00edsico escribir actualizaciones de firmware arbitrarias en el dispositivo a trav\u00e9s de una conexi\u00f3n USB."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@lenovo.com"}