CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
19.7%
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.
The attacker must have physical USB access to the device in order to exploit this vulnerability.
Vendor | Product | Version | CPE |
---|---|---|---|
paxtechnology | a920 | - | cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:* |
paxtechnology | paydroid | 7.1.2_aquarius_11.1.50_20230614 | cpe:2.3:o:paxtechnology:paydroid:7.1.2_aquarius_11.1.50_20230614:*:*:*:*:*:*:* |
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
19.7%