CVE-2019-9938

Name of the Vulnerable Software and Affected Versions SHAREit version prior to 4.0.42

Description The issue allows a remote attacker, who is authenticated as a "recognized device" and is on the same network or joins public "open" Wi-Fi hotspots created by the application when file transfer is initiated, to download arbitrary files from the device. This includes sensitive data such as contacts, photos, videos, and sound clips.

Recommendations For versions prior to 4.0.42, update to version 4.0.42 or later to resolve the issue. As a temporary workaround, consider restricting the use of the file transfer feature over public Wi-Fi hotspots until the update is applied.