{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T10:36:35.368","vulnerabilities":[{"cve":{"id":"CVE-2018-9070","sourceIdentifier":"psirt@lenovo.com","published":"2018-07-13T16:29:00.643","lastModified":"2024-11-21T04:14:54.773","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo."},{"lang":"es","value":"Para la aplicación de Android Lenovo Smart Assistant en versiones anteriores a la 12.1.82, un atacante con acceso físico al altavoz inteligente puede, pulsando una determinada secuencia de botones, entrar en el modo de pruebas de fábrica y habilitar un servicio web destinado a probar el dispositivo. Como con la mayoría de modos de prueba, éste proporciona privilegios extras, incluyendo el cambio de configuración y la ejecución de código. Lenovo Smart Assistant es un altavoz inteligente diseñado para Amazon Alexa desarrollado por Lenovo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:smart_assistant:*:*:*:*:*:android:*:*","versionEndExcluding":"12.1.82","matchCriteriaId":"147F093A-AF17-4B94-82AE-D477AFFF897A"}]}]}],"references":[{"url":"https://support.lenovo.com/us/en/solutions/LEN-22172","source":"psirt@lenovo.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://support.lenovo.com/us/en/solutions/LEN-22172","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}