PT-2018-12867 · Leagoo+1 · Leagoo P1+1

Published: 2018-12-28 · Updated: 2019-10-03 · CVE-2018-14998

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Leagoo P1 Android device with a build fingerprint of sp7731c 1h10 32v4 bird:6.0/MRA58K/android.20170629.214736:user/release-keys

Description: The issue allows for command execution as the root user due to a hidden root privilege escalation capability. A user with physical access to the device can obtain a root shell via ADB by modifying read-only system properties at runtime, specifically the ro.debuggable and the ro.secure system properties, and then restarting the ADB daemon.

Recommendations: For the Leagoo P1 Android device with the specified build fingerprint, consider restricting physical access to the device to minimize the risk of exploitation. As a temporary workaround, avoid modifying the ro.debuggable and ro.secure system properties to prevent potential root shell access via ADB. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
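
An added example, not part of the original advisory: a host-side check that parses a `getprop` dump (for instance collected with `adb shell getprop`) and flags a user/release-keys build whose runtime ro.debuggable or ro.secure values are not the ones a production build should report. The function names and the sample dumps are constructed for illustration.

```python
import re

# Values a production (user / release-keys) Android build is expected to report.
EXPECTED = {"ro.debuggable": "0", "ro.secure": "1"}

# getprop prints one property per line as: [name]: [value]
_PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")


def parse_getprop(text):
    """Parse `getprop` output into a {name: value} dict, skipping other lines."""
    props = {}
    for line in text.splitlines():
        m = _PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_props(props):
    """Return findings for a production build whose runtime props are weakened."""
    findings = []
    is_production = (props.get("ro.build.type") == "user"
                     and props.get("ro.build.tags") == "release-keys")
    if not is_production:
        return findings  # eng/userdebug builds are debuggable by design
    for name, want in EXPECTED.items():
        got = props.get(name)
        if got is None:
            findings.append(f"{name} missing (expected {want})")
        elif got != want:
            findings.append(f"{name}={got} on user build (expected {want})")
    return findings


# Constructed sample dumps, not captured from a real device.
SAMPLE_TAMPERED = """\
[ro.build.type]: [user]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
"""
SAMPLE_CLEAN = (SAMPLE_TAMPERED
                .replace("[ro.debuggable]: [1]", "[ro.debuggable]: [0]")
                .replace("[ro.secure]: [0]", "[ro.secure]: [1]"))

if __name__ == "__main__":
    for label, dump in (("tampered", SAMPLE_TAMPERED), ("clean", SAMPLE_CLEAN)):
        print(label, audit_props(parse_getprop(dump)))
```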

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-14998

Affected Products

Android
Leagoo P1