6 matches found
CVE-2023-42133
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version...
PT-2024-13032 · Pax · Pax Android
Name of the Vulnerable Software and Affected Versions: PAX Android based POS devices versions prior to PayDroid 8.1.0 Sagittarius V11.1.61 20240226 Description: The issue allows for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account...
CVE-2023-42136
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...
Design/Logic Flaw
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...
Input validation
PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...
CVE-2023-42137
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability...