73 matches found
CVE-2022-26582
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...
EUVD-2023-46593
Malicious code in bioql PyPI...
CVE-2023-27197
PAX A930 device with PayDroid7.1.1VirgoV04.5.0220220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability...
CVE-2023-42133
The CVE-2023-42133 issue affects PAX Android based POS devices. The vulnerability allows escalation of privilege via improperly configured scripts in the PayDroid runtime, requiring shell access with system account privileges to exploit. A firmware patch addressing this vulnerability is included ...
CVE-2023-42133
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version...
The vulnerability of the PayDroid operating system arises from insufficient validation of input data, allowing a hacker to execute arbitrary code.
The vulnerability of the PayDroid operating system exists due to insufficient checks on input data. Exploiting this vulnerability could allow a hacker to execute arbitrary code...
The vulnerability of the PayDroid operating system arises from insufficient validation of input data, allowing attackers to execute arbitrary commands.
The vulnerability of the PayDroid operating system exists due to insufficient checks on input data. Exploiting this vulnerability allows a hacker to execute arbitrary commands...
The vulnerability of the PayDroid operating system, which arises due to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the PayDroid operating system exists due to insufficient checks on input data. Exploiting this vulnerability could allow a hacker to execute arbitrary code...
The vulnerability of the PayDroid operating system, related to the presence of undocumented configuration commands, allows a hacker to execute arbitrary code.
The vulnerability of the PayDroid operating system is related to the presence of undocumented configuration commands. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
The vulnerability of the PayDroid operating system arises from insufficient validation of input data, allowing attackers to execute arbitrary commands.
The vulnerability of the PayDroid operating system exists due to insufficient checks on input data. Exploiting this vulnerability allows a hacker to execute arbitrary commands...
PT-2024-13032 · Pax · Pax Android
Name of the Vulnerable Software and Affected Versions: PAX Android based POS devices versions prior to PayDroid 8.1.0 Sagittarius V11.1.61 20240226. Description: The issue allows for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account...
CVE-2023-42136
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...
CVE-2023-42134
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow a signed partition to be overwritten, and subsequently local code execution, via a hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...
CVE-2023-42135
PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...
Design/Logic Flaw
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...
Input validation
PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...
CVE-2023-42137
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...
CVE-2023-42137
CVE-2023-42137 affects PAX Android-based PoS devices running PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier. The issue allows privilege escalation from system/shell user to root via insecure operations in the systool_server daemon (all Android-based PAX PoS devices). Exploitation require...
CVE-2023-42135
CVE-2023-42135 (PAX A920Pro/A50) affects PAX Android POS devices running PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier. The vulnerability allows local code execution by bypassing input validation during flashing of a specific partition, via parameter injection in the flashing process....