Описание
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
EPSS
6.4 Medium
CVSS3
6.9 Medium
CVSS2
Дефекты
Связанные уязвимости
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
EPSS
6.4 Medium
CVSS3
6.9 Medium
CVSS2