Lenovo Vantage and Baiying Input Validation Vulnerability in DeviceSettingsSystemAddin Allowing Registry Modification

Vulnerability

An input validation vulnerability exists in the DeviceSettingsSystemAddin component of Lenovo Vantage and Lenovo Baiying. This vulnerability could enable a local authenticated user to modify arbitrary registry keys with elevated privileges. The issue arises from insufficient input validation, allowing unauthorized changes to the registry.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of the Windows registry, potentially allowing for further privilege escalation or manipulation of system settings.

Remediation

Users are advised to update the Vantage DeviceSettingsSystemAddin to version 1.0.8.15 or later. This addin is automatically updated by Lenovo Vantage. For Lenovo products sold in China, refer to the Lenovo China support site for update instructions.

Added: Mar 11, 2026, 9:32 PM
Updated: Mar 11, 2026, 9:32 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.8
exploitability: 3.3
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.