Information Disclosure in Lenovo SHAREit for Windows and Android
CVE-2016-1489

8HIGH

Key Information:

Vendor
Lenovo
Status
Shareit
Vendor
CVE Published:
26 January 2016

Summary

Lenovo SHAREit prior to specified versions for Windows and Android transmits files in an insecure manner, permitting unauthorized users to intercept sensitive information over the network. This vulnerability is particularly concerning as it allows for man-in-the-middle attacks, which can lead to additional security threats if attackers exploit the lack of encryption during file transfers. Users of SHAREit should be aware of these risks and consider updating to the latest versions to mitigate potential exposure.

References

http://packetstormsecurity.com/files/135378/Lenovo-ShareI...
x_refsource_MISC
https://support.lenovo.com/us/en/product_security/len_4058
x_refsource_CONFIRM
http://www.coresecurity.com/advisories/lenovo-shareit-mul...
x_refsource_MISC

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.