CVE-2019-9939

Name of the Vulnerable Software and Affected Versions SHAREit version prior to 4.0.36

Description The issue allows a remote attacker to bypass authentication by requesting a non-existing page, which results in the application responding with a 200 status code and an empty page, and adding the requesting client device to the list of recognized devices. This can occur when the attacker is on the same network or joins public "open" Wi-Fi hotspots created by the application during file transfer initiation.

Recommendations For versions prior to 4.0.36, update to version 4.0.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the Wi-Fi hotspot created by the application during file transfers to minimize the risk of exploitation.