Published: 26/01/2016 Updated: 09/10/2018

CVSS v2 Base Score: 2.7 | Impact Score: 2.9 | Exploitability Score: 5.1

CVSS v3 Base Score: 4.1 | Impact Score: 1.4 | Exploitability Score: 2.3

VMScore: 240

Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

The Wifi hotspot in Lenovo SHAREit prior to 3.2.0 for Windows allows remote malicious users to obtain sensitive file names via a crafted file request to /list.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lenovo shareit

Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities ...

Lenovo's file-sharing app uses hardwired password '12345678' ... or no password at all

The Register • Richard Chirgwin • 27 Jan 2016

Lenov-lol

Lenovo ShareIT users, get patching: the PC maker's file-sharing app is pretty much unsecured. The software runs on Windows and Android devices, and creates a Wi-Fi hotspot allowing data to be exchanged – from phone to PC, PC to phone, etc. But the wireless network is pretty much unsecured on both platforms. In ShareIT for Windows, the Wi-Fi uses “12345678” as a hardcoded password, while in Android, there's no password at all. If someone logs into the Wi-Fi hotspot on Windows, they can brow...

CVE-2016-1490

Vulnerability Summary

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect