Lucene search
+L
PaxtechnologyPaydroid

9 matches found

CVE
CVE
β€’added 2022/12/16 12:0 a.m.β€’97 views

CVE-2022-26579

CVE-2022-26579 affects the PAX A930 PayDroid platform. The issue allows a root-privileged attacker, with shell access, to install unsigned packages by exploiting a path/privilege flaw that enables elevated code execution on the device. The known exploitation path describes copying the APK to /dat...

6CVSS6AI score0.00158EPSS
CVE
CVE
β€’added 2022/12/16 12:0 a.m.β€’97 views

CVE-2022-26580

The CVE-2022-26580 entry concerns the PAX A930 Android-based payment terminal running PayDroid_7.1.1_Virgo_V04.3.26T1_20210419. The vulnerability allows execution of command injections in certain binaries within the ADB daemon shell service. Exploitation requires physical USB access to the device...

6.8CVSS6.6AI score0.01745EPSS
CVE
CVE
β€’added 2022/12/16 12:0 a.m.β€’92 views

CVE-2022-26581

CVE-2022-26581 affects the PAX A930 PayDroid platform where the ADB daemon can execute the systool utility in production mode, enabling an unauthenticated attacker with physical USB access to perform privileged actions. Affected: PAX A930 devices with PayDroid; reported binaries in the ADB daemon...

6.8CVSS6.4AI score0.00329EPSS
CVE
CVE
β€’added 2022/12/16 12:0 a.m.β€’88 views

CVE-2022-26582

CVE-2022-26582 affects PAX A930 PayDroid on multiple builds. The issue enables root-level arbitrary command execution via command injection in the systool client when an attacker has shell access. Root access is achieved by exploiting unsanitized user-supplied commands (e.g., dollar signs/backtic...

7.8CVSS8AI score0.00872EPSS
CVE
CVE
β€’added 2024/01/15 1:28 p.m.β€’56 views

CVE-2023-42136

Summary (CVE-2023-42136 family): Android-based PAX PoS devices (PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 and earlier) are affected by a local privilege escalation via shell injection in a binder-exposed service, allowing an attacker with shell access to execute commands as the system user. Th...

7.8CVSS7.8AI score0.0048EPSS
CVE
CVE
β€’added 2024/01/15 1:28 p.m.β€’55 views

CVE-2023-4818

CVE-2023-4818 affects PAX A920 bootloader downgrade due to a bug in the version check. The signature check remains intact and only bootloaders signed by PAX are accepted. Exploitation requires physical USB access to the device. The connected documents confirm the vulnerability and its physical-ac...

7.6CVSS7.3AI score0.00663EPSS
CVE
CVE
β€’added 2024/01/15 1:28 p.m.β€’49 views

CVE-2023-42134

CVE-2023-42134 and CVE-2023-42135 affect PAX Android PoS devices (e.g., A920Pro/A50) and enable local code execution as root via kernel parameter injection in fastboot on affected PayDroid builds before 20230614; CVE-2023-42136 and CVE-2023-42137 enable privilege escalation via shell injection in...

6.8CVSS6.8AI score0.00557EPSS
CVE
CVE
β€’added 2024/01/15 1:28 p.m.β€’48 views

CVE-2023-42135

CVE-2023-42135 details (PAX A920Pro/A50) affect PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier on PAX Android POS devices. The vulnerability allows local code execution by bypassing input validation during flashing of a specific partition, via parameter injection in the flashing process....

6.8CVSS7AI score0.00591EPSS
CVE
CVE
β€’added 2024/01/15 1:28 p.m.β€’46 views

CVE-2023-42137

CVE-2023-42137 affects PAX Android-based PoS devices running PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier. The issue allows privilege escalation from system/shell user to root via insecure operations in the systool_server daemon (all Android-based PAX PoS devices). Exploitation require...

7.8CVSS7.8AI score0.00466EPSS