CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4782
https://notcve.org/view.php?id=CVE-2016-4782
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack." Lenovo SHAREit en versiones anteriores a 3.5.98_ww en Android en versiones anteriores a 4.2 permite a atacantes remotos tener un impacto no especificado a través de un intento de manipulación: URL, también conocida como "intent scheme URL attack". • https://support.lenovo.com/us/en/product_security/len_6421 • CWE-20: Improper Input Validation •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1490 – Lenovo ShareIT Information Disclosure / Hardcoded Password
https://notcve.org/view.php?id=CVE-2016-1490
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. El hotspot Wifi en Lenovo SHAREit en versiones anteriores a 3.2.0 para Windows permite a atacantes remotos obtener nombres sensibles de archivo a través de una petición de archivo a /list manipulada. Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities. • http://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html http://seclists.org/fulldisclosure/2016/Jan/67 http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities http://www.securityfocus.com/archive/1/537365/100/0/threaded https://support.lenovo.com/us/en/product_security/len_4058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1491 – Lenovo ShareIT Information Disclosure / Hardcoded Password
https://notcve.org/view.php?id=CVE-2016-1491
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. El hotspot Wifi en Lenovo SHAREit en versiones anteriores a 3.2.0 para Windows, cuando está configurado para recibir archivos, tiene embebida una contraseña de 12345678, lo que facilita a atacantes remotos obtener acceso aprovechando una posición dentro del área de cobertura WLAN. Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities. • http://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html http://seclists.org/fulldisclosure/2016/Jan/67 http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities http://www.securityfocus.com/archive/1/537365/100/0/threaded https://support.lenovo.com/us/en/product_security/len_4058 • CWE-255: Credentials Management Errors •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1489 – Lenovo ShareIT Information Disclosure / Hardcoded Password
https://notcve.org/view.php?id=CVE-2016-1489
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. Lenovo SHAREit en versiones anteriores a 3.2.0 para Windows y SHAREit en versiones anteriores a 3.5.48_ww para Android transfieren archivos en texto plano, lo que permite a atacantes remotos (1) obtener información sensible rastreando la red o (2) llevar a cabo ataques man-in-the-middle (MITM) a través de vectores no especificados. Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities. • http://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html http://seclists.org/fulldisclosure/2016/Jan/67 http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities http://www.securityfocus.com/archive/1/537365/100/0/threaded https://support.lenovo.com/us/en/product_security/len_4058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1492 – Lenovo ShareIT Information Disclosure / Hardcoded Password
https://notcve.org/view.php?id=CVE-2016-1492
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. El hotspot Wifi en Lenovo SHAREit en versiones anteriores a 3.5.48_ww para Android, cuando está configurado para recibir archivos, no requiere una contraseña, lo que facilita a atacantes remotos obtener acceso aprovechando una posición dentro del área de cobertura WLAN. Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities. • http://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html http://seclists.org/fulldisclosure/2016/Jan/67 http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities http://www.securityfocus.com/archive/1/537365/100/0/threaded https://support.lenovo.com/us/en/product_security/len_4058 • CWE-284: Improper Access Control •