Published: 26/01/2016 Updated: 09/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 4.9 | Exploitability Score: 5.5

CVSS v3 Base Score: 8 | Impact Score: 5.8 | Exploitability Score: 1.6

VMScore: 383

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

Lenovo SHAREit prior to 3.2.0 for Windows and SHAREit prior to 3.5.48_ww for Android transfer files in cleartext, which allows remote malicious users to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lenovo shareit

Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities ...

Lenovo's file-sharing app uses hardwired password '12345678' ... or no password at all

The Register • Richard Chirgwin • 27 Jan 2016

Lenov-lol

Lenovo ShareIT users, get patching: the PC maker's file-sharing app is pretty much unsecured. The software runs on Windows and Android devices, and creates a Wi-Fi hotspot allowing data to be exchanged – from phone to PC, PC to phone, etc. But the wireless network is pretty much unsecured on both platforms. In ShareIT for Windows, the Wi-Fi uses “12345678” as a hardcoded password, while in Android, there's no password at all. If someone logs into the Wi-Fi hotspot on Windows, they can brow...

CVE-2016-1489

Vulnerability Summary

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect