#VU17874 Improper Authentication in SHAREit for Android - CVE-2019-9939

Cybersecurity Help s.r.o.

Published: 2019-02-27 | Updated: 2019-03-22

Vulnerability identifier: #VU17874

Vulnerability risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2019-9939

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
SHAREit for Android
Mobile applications / Apps for mobile phones

Vendor: SHAREit Technologies Co.Ltd

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the application grants access permissions to any client that requests a non-existing page. A remote attacker can send HTTP GET request to the application to port 2999/tcp, request a non-existing page. The application will add the attacker's device into the list of recognized devices and subsequent requests to the application will be considered as authenticated requests.

A remote attacker with ability to directly connect to the application via network is able to bypass authentication and gain unauthorized access to files on the device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SHAREit for Android: 3.0.18 - 4.0.38

External links
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
https://github.com/redforcesec/DUMPit/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in SHAREit for Android