Lenovo ShareIT comes with hardcoded password and directory traversal

Hard-coded password in Lenovo SHAREit for Windows

[CVE-2016-1491] When Lenovo SHAREit for Windows is configured to receive files, a Wifi HotSpot is set with an easy password (12345678). Any system with a Wifi Network card could connect to that Hotspot by using that password. The password is always the same.

Remote browsing of file system on Lenovo SHAREit for Windows

[CVE-2016-1490] When the WiFi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit

Source: Lenovo ShareIT Multiple Vulnerabilities

It’s not going well with Lenovo security

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Leave a Reply