3 matches found
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
The point-of-sale PoS terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to...
CVE-2023-42136
Summary (CVE-2023-42136 family): Android-based PAX PoS devices (PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 and earlier) are affected by a local privilege escalation via shell injection in a binder-exposed service, allowing an attacker with shell access to execute commands as the system user. Th...
CVE-2023-42136
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...