CVE-2018-9070
N/A
N/A
Summary
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo Group Ltd. | Lenovo Smart Assistant | Earlier than 12.1.82 | affected |
Weaknesses
- Root access of the device
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.