High severity7.8NVD Advisory· Published Jun 29, 2017· Updated May 13, 2026

CVE-2017-3748

Description

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

Affected products

Lenovo Group Ltd./Lenovo Vibe And Lenovo China Only Moto Mobile Phonesv5
Range: Earlier than 6.0
Google/Android
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Range: <=5.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/99295nvdThird Party AdvisoryVDB Entry
support.lenovo.com/us/en/product_security/LEN-15823nvdMitigationVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000