Published: 26/01/2016 Updated: 09/10/2018

CVSS v2 Base Score: 5.4 | Impact Score: 6.4 | Exploitability Score: 5.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 481

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

The Wifi hotspot in Lenovo SHAREit prior to 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote malicious users to obtain access by leveraging a position within the WLAN coverage area.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lenovo shareit

Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities ...

Lenovo's file-sharing app uses hardwired password '12345678' ... or no password at all

The Register • Richard Chirgwin • 27 Jan 2016

Lenov-lol

Lenovo ShareIT users, get patching: the PC maker's file-sharing app is pretty much unsecured. The software runs on Windows and Android devices, and creates a Wi-Fi hotspot allowing data to be exchanged – from phone to PC, PC to phone, etc. But the wireless network is pretty much unsecured on both platforms. In ShareIT for Windows, the Wi-Fi uses “12345678” as a hardcoded password, while in Android, there's no password at all. If someone logs into the Wi-Fi hotspot on Windows, they can brow...

CVE-2016-1491

Vulnerability Summary

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect