Lenovo has been forced to release urgent software fixes after a number of embarrassing flaws were uncovered in its products, including one that left a hard-coded password set to '12345678' by default.
Researchers at Core Security posted an advisory that listed four vulnerabilities in Lenovo's ShareIT function that could result in man-in-the-middle attacks, information leaks and the bypassing of encryption.
ShareIT is a free Lenovo application that lets users share files and folders between computers, smartphones and tablets.
The flaws affect ShareIT for Android 3.0.18 and Windows 2.5.1.1. Other products and versions may also be affected, but they were not tested.
The first security update (CVE-2016-1491) fixes a hard-coded password flaw affecting Windows that leaves WiFi hotspots open to exploitation.
