CVE-2018-9070
Last modified
CVE-2018-9070 is a vulnerability of currently unknown severity. For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Smart Assistant | < 12.1.82 |
References
- https://support.lenovo.com/us/en/solutions/LEN-22172Mitigation, Vendor Advisory
- https://support.lenovo.com/us/en/solutions/LEN-22172Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-9070?
How severe is CVE-2018-9070?
How do I fix CVE-2018-9070?
Are you affected by CVE-2018-9070?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST