Hard-coded password in Lenovo SHAREit for Windows
[CVE-2016-1491] When Lenovo SHAREit for Windows is configured to receive files, a Wifi HotSpot is set with an easy password (12345678). Any system with a Wifi Network card could connect to that Hotspot by using that password. The password is always the same.
Remote browsing of file system on Lenovo SHAREit for Windows
[CVE-2016-1490] When the WiFi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit
Source: Lenovo ShareIT Multiple Vulnerabilities
It’s not going well with Lenovo security
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft