Vulnerabilities > CVE-2016-1489 - 7PK - Security Features vulnerability in Lenovo Shareit 2.5.1.1/3.0.18Ww
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/135378/CORE-2016-0002.txt |
| id | PACKETSTORM:135378 |
| last seen | 2016-12-05 |
| published | 2016-01-25 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html |
| title | Lenovo ShareIT Information Disclosure / Hardcoded Password |
The Hacker News
| id | THN:40215F710216890B071AFE57EBF264DD |
| last seen | 2018-01-27 |
| modified | 2016-01-27 |
| published | 2016-01-26 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2016/01/shareit-file-sharing.html |
| title | Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit |
References
- http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities
- http://seclists.org/fulldisclosure/2016/Jan/67
- https://support.lenovo.com/us/en/product_security/len_4058
- http://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html
- http://www.securityfocus.com/archive/1/537365/100/0/threaded