Unfortunately, the experts discovered other issues, including file transfer in plain text in both Windows and Android version of Lenovo SHAREit and an open WiFi Network defined on Android devices. “When the WiFi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit.” Lenovo has released a security update for the app that removes that default password, but that is affected by another vulnerability ( CVE-2016-1490) that could allow attackers to remotely browse a device’s file system. The password is always the same.” states the advisory. Any system with a Wifi Network card could connect to that Hotspot by using that password. “When Lenovo SHAREit for Windows is configured to receive files, a Wifi HotSpot is set with an easy password (12345678). Ops, the experts at Lenovo have used a very simple password and hard-coded it in their software. The experts explained that every time the app needs to receive files from devices, it sets up a Wi-Fi hotspot that uses the 12345678 password. One of the flaws is particularly disconcerting, it is the hard-coded password ( CVE-2016-1491) stored in the Lenovo SHAREit for Windows 2.5.1.1. ” states the vulnerability description published by Core Security.Īccording to the security advisory published by, the vulnerable packages are Lenovo SHAREit for Android 3.0.18_ww and Lenovo SHAREit for Windows 2.5.1.1. Lenovo SHAREit for Windows and Android are prone to multiple vulnerabilities which could result in integrity corruption, information leak and security bypasses. “SHAREit is a free application from Lenovo that lets you easily share files and folders among smartphones, tablets, and personal computers. The vulnerabilities were discovered by a group of researchers at Core Security’s CoreLabs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |