Information Disclosure Vulnerability in Lenovo SHAREit for Windows
CVE-2016-1490

4.1MEDIUM

Key Information:

Vendor
Lenovo
Status
Shareit
Vendor
CVE Published:
26 January 2016

Summary

Lenovo SHAREit for Windows prior to version 3.2.0 is susceptible to an information disclosure vulnerability that allows remote attackers to obtain sensitive file names. This exploitation occurs through a specially crafted file request directed at the /list endpoint, compromising user privacy and potentially exposing critical data.

References

http://packetstormsecurity.com/files/135378/Lenovo-ShareI...
x_refsource_MISC
https://support.lenovo.com/us/en/product_security/len_4058
x_refsource_CONFIRM
http://www.coresecurity.com/advisories/lenovo-shareit-mul...
x_refsource_MISC

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.