73 matches found
CVE-2022-26580
The CVE-2022-26580 entry concerns the PAX A930 Android-based payment terminal running PayDroid_7.1.1_Virgo_V04.3.26T1_20210419. The vulnerability allows execution of command injections in certain binaries within the ADB daemon shell service. Exploitation requires physical USB access to the device...
PT-2022-17940 · Pax Technology · Paydroid +1
Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid versions 7.1.1 Virgo V04.3.26T1 20210419 through 7.1.1 Virgo V04.4.02 20211201 Description: The issue allows an unauthorized attacker to perform privileged actions through the execution of specific binaries liste...
CVE-2022-26581
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability...
CVE-2022-26579
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...
CVE-2022-26579
CVE-2022-26579 affects the PAX A930 PayDroid platform. The issue allows a root-privileged attacker, with shell access, to install unsigned packages by exploiting a path/privilege flaw that enables elevated code execution on the device. The known exploitation path describes copying the APK to /dat...
CVE-2022-26582
CVE-2022-26582 affects PAX A930 PayDroid on multiple builds. The issue enables root-level arbitrary command execution via command injection in the systool client when an attacker has shell access. Root access is achieved by exploiting unsanitized user-supplied commands (e.g., dollar signs/backtic...
CVE-2022-26581
CVE-2022-26581 affects the PAX A930 PayDroid platform where the ADB daemon can execute the systool utility in production mode, enabling an unauthenticated attacker with physical USB access to perform privileged actions. Affected: PAX A930 devices with PayDroid; reported binaries in the ADB daemon...
PT-2022-17939 · Pax · Pax A930 +1
Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid versions 7.1.1 Virgo V04.3.26T1 20210419 through 7.1.1 Virgo V04.4.02 20211201 Description: The issue allows the execution of specific command injections on selected binaries in the ADB daemon shell service. An...
CVE-2022-26580
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability...
PAX Technology A930 操作系统命令注入漏洞
PAX Technology A930 is an Android mobile payment terminal from PAX Technology, a China-based company. An operating system command injection vulnerability exists in the PAX Technology A930 PayDroid7.1.1VirgoV04.3.26T120210419 version, which stems from the presence of command injection...
CVE-2022-26580
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability...
CVE-2022-26582
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...
CVE-2022-26579
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...