VYPR
Medium severity6.4NVD Advisory· Published Jul 13, 2018· Updated Jun 17, 2026

CVE-2018-9070

CVE-2018-9070

Description

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.

Affected products

2
  • Lenovo/Smart Assistantllm-create2 versions
    <12.1.82+ 1 more
    • (no CPE)range: <12.1.82
    • (no CPE)range: Earlier than 12.1.82

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.