Published: 26/01/2016 Updated: 09/10/2018

CVSS v2 Base Score: 2.9 | Impact Score: 2.9 | Exploitability Score: 5.5

CVSS v3 Base Score: 6.1 | Impact Score: 4 | Exploitability Score: 1.6

VMScore: 258

Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N

The Wifi hotspot in Lenovo SHAREit prior to 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote malicious users to obtain access by leveraging a position within the WLAN coverage area.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lenovo shareit 3.0.18_ww

Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities ...

Lenovo's file-sharing app uses hardwired password '12345678' ... or no password at all

The Register • Richard Chirgwin • 27 Jan 2016

Lenov-lol

Lenovo ShareIT users, get patching: the PC maker's file-sharing app is pretty much unsecured. The software runs on Windows and Android devices, and creates a Wi-Fi hotspot allowing data to be exchanged – from phone to PC, PC to phone, etc. But the wireless network is pretty much unsecured on both platforms. In ShareIT for Windows, the Wi-Fi uses “12345678” as a hardcoded password, while in Android, there's no password at all. If someone logs into the Wi-Fi hotspot on Windows, they can brow...

CVE-2016-1492

Vulnerability Summary

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect