The vulnerability of the nac_server component in the Android operating system allows a hacker to elevate their privileges to the level of the root user.

The vulnerability of the nacserver component in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability can allow a local attacker to elevate their privileges to those of a root user...

CVE-2017-3748

On Lenovo VIBE mobile phones, improper access controls on the nacserver component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user commonly known as 'rooting' or "jail breaking" a device...

Improper access control

On Lenovo VIBE mobile phones, improper access controls on the nacserver component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user commonly known as 'rooting' or "jail breaking" a device...

Back That App Up: Gaining Root on the Lenovo Vibe

In May of 2016, Mandiant’s Red Team discovered a series of vulnerabilities present on Lenovo’s Vibe P1 Android-based mobile device that allow local privilege escalation to the user “root”. Mandiant disclosed these vulnerabilities to Lenovo in May of 2016. Lenovo advised Mandiant that it should wo...

Back That App Up: Gaining Root on the Lenovo Vibe

In May of 2016, Mandiant’s Red Team discovered a series of vulnerabilities present on Lenovo’s Vibe P1 Android-based mobile device that allow local privilege escalation to the user “root”. Mandiant disclosed these vulnerabilities to Lenovo in May of 2016. Lenovo advised Mandiant that it should wo...

Lenovo VIBE nac_server Component Local Mobilization Vulnerability

VIBE is a line of Android smartphones from Lenovo. The nacserver component of Lenovo VIBE suffers from a local elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges to root...