Lenovo Vantage and Baiying Input Validation Vulnerability Allowing Registry Key Deletion

Vulnerability

An input validation vulnerability exists in the DeviceSettingsSystemAddin component of Lenovo Vantage and Lenovo Baiying. This vulnerability could enable a local authenticated user to delete arbitrary registry keys with elevated privileges. The issue arises from insufficient input validation, allowing unauthorized modifications to the Windows registry.
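
The kind of validation whose absence this class of bug describes, as an added example (not Lenovo's code and not part of the original advisory): a privileged component checks a caller-supplied registry key path against an allowlisted subtree before deleting anything. The subtree ExampleVendor\ExampleAddin and the function names canonicalize and may_delete are hypothetical; how the affected addin is actually implemented is not stated on this page.

```python
# Added illustration: allowlist check on a caller-supplied registry key path
# before a privileged delete. All key names here are hypothetical placeholders.

HIVE_ALIASES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKU": "HKEY_USERS",
}

# Assumed subtree the privileged component owns (placeholder, not a real key).
ALLOWED_ROOTS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleAddin",)

MAX_KEY_NAME = 255  # registry limit on the length of a single key name


def canonicalize(path):
    """Split a key path into case-folded components; None if malformed."""
    if not isinstance(path, str) or "\x00" in path:
        return None
    parts = path.split("\\")
    # Empty components come from leading, trailing or doubled backslashes.
    if any(p == "" or len(p) > MAX_KEY_NAME for p in parts):
        return None
    parts[0] = HIVE_ALIASES.get(parts[0].upper(), parts[0])
    # Registry key names are case-insensitive, so compare case-folded.
    return tuple(p.casefold() for p in parts)


def may_delete(path, allowed_roots=ALLOWED_ROOTS):
    """Allow deletion only of keys strictly below an allowed root."""
    target = canonicalize(path)
    if target is None:
        return False
    for root in allowed_roots:
        base = canonicalize(root)
        # Compare whole components, so "ExampleAddinX" does not match
        # "ExampleAddin", and require extra depth so the root itself stays.
        if base and len(target) > len(base) and target[:len(base)] == base:
            return True
    return False


if __name__ == "__main__":
    # Constructed requests, as an unprivileged caller might send them.
    for req in (r"HKLM\SOFTWARE\ExampleVendor\ExampleAddin\Cache",
                r"HKLM\SOFTWARE\ExampleVendor\ExampleAddinX\Cache",
                r"HKLM\SOFTWARE\OtherVendor\OtherApp"):
        print("allow" if may_delete(req) else "deny ", req)
```

A string check of this kind does not account for registry symbolic links; a privileged service would normally also perform the operation while impersonating the caller so that the caller's own access rights decide the outcome.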

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of registry keys, potentially disrupting system configuration or application behavior.

Remediation

Users should update the Vantage DeviceSettingsSystemAddin to version 1.0.8.15 or later. This addin is automatically updated by Lenovo Vantage. For Lenovo Baiying, similar update mechanisms may apply, but users should consult Lenovo's support resources for specific guidance.

Added: Mar 11, 2026, 9:31 PM
Updated: Mar 11, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.8
exploitability: 3.3
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.