CVE-2018-9070

Name of the Vulnerable Software and Affected Versions Lenovo Smart Assistant Android app versions prior to 12.1.82

Description An issue exists where an attacker with physical access to the smart speaker can enter factory test mode by pressing a specific button sequence. This mode provides extra privileges, including changing settings and running code.

Recommendations For versions prior to 12.1.82, update to version 12.1.82 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the smart speaker to minimize the risk of exploitation.