First published: Thu Jun 29 2017(Updated: )
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | <=5.1.1 | |
Lenovo Vibe A1600 | ||
Lenovo Vibe A2560 | ||
Lenovo Vibe A2800 | ||
Lenovo Vibe A2860 | ||
Lenovo Vibe A2880 | ||
Lenovo Vibe A3000 | ||
Lenovo Vibe A3500 | ||
Lenovo Vibe A3600-d | ||
Lenovo Vibe A3600u | ||
Lenovo Vibe A3800-d | ||
Lenovo Vibe A3900 | ||
Lenovo Vibe A6000 | ||
Lenovo Vibe A6000-i | ||
Lenovo Vibe A6020i37 | ||
Lenovo Vibe A6600 | ||
Lenovo Vibe A6800 | ||
Lenovo Vibe K30-e | ||
Lenovo Vibe K30-w-cu | ||
Lenovo Vibe K32c30 | ||
Lenovo Vibe K80m |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.