CVE-2020-28044

2020-11-0117:39:38

mitre

www.cve.org

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.

References

git.lsd.cat/g/pax-pwn