PT-2017-16076 · Lenovo · Lenovo Connect2

Published

2017-07-17

Updated

2017-07-27

CVE-2017-3742

CVSS v3.1

4.8

Medium

Vector

AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Lenovo Connect2 versions prior to 4.2.5.4885 for Windows Lenovo Connect2 versions prior to 4.2.5.3071 for Android

Description The issue allows an attacker with read access to the user's contents to connect to the Connect2 hotspot and access the contents of files being transferred between two systems. This occurs because the password for an ad-hoc connection is stored in a user-readable location.

Recommendations For versions prior to 4.2.5.4885 for Windows, update to version 4.2.5.4885 or later. For versions prior to 4.2.5.3071 for Android, update to version 4.2.5.3071 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-3742

Affected Products

Lenovo Connect2

PT-2017-16076 · Lenovo · Lenovo Connect2

CVE-2017-3742

Weakness Enumeration

Related Identifiers

Affected Products

References · 3