9 matches found
CVE-2022-26579
CVE-2022-26579 affects the PAX A930 PayDroid platform. The issue allows a root-privileged attacker, with shell access, to install unsigned packages by exploiting a path/privilege flaw that enables elevated code execution on the device. The known exploitation path describes copying the APK to /dat...
CVE-2022-26580
The CVE-2022-26580 entry concerns the PAX A930 Android-based payment terminal running PayDroid_7.1.1_Virgo_V04.3.26T1_20210419. The vulnerability allows execution of command injections in certain binaries within the ADB daemon shell service. Exploitation requires physical USB access to the device...
CVE-2022-26581
CVE-2022-26581 affects the PAX A930 PayDroid platform where the ADB daemon can execute the systool utility in production mode, enabling an unauthenticated attacker with physical USB access to perform privileged actions. Affected: PAX A930 devices with PayDroid; reported binaries in the ADB daemon...
CVE-2022-26582
CVE-2022-26582 affects PAX A930 PayDroid on multiple builds. The issue enables root-level arbitrary command execution via command injection in the systool client when an attacker has shell access. Root access is achieved by exploiting unsanitized user-supplied commands (e.g., dollar signs/backtic...
CVE-2023-42136
Summary (CVE-2023-42136 family): Android-based PAX PoS devices (PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 and earlier) are affected by a local privilege escalation via shell injection in a binder-exposed service, allowing an attacker with shell access to execute commands as the system user. Th...
CVE-2023-4818
CVE-2023-4818 affects PAX A920 bootloader downgrade due to a bug in the version check. The signature check remains intact and only bootloaders signed by PAX are accepted. Exploitation requires physical USB access to the device. The connected documents confirm the vulnerability and its physical-ac...
CVE-2023-42134
CVE-2023-42134 and CVE-2023-42135 affect PAX Android PoS devices (e.g., A920Pro/A50) and enable local code execution as root via kernel parameter injection in fastboot on affected PayDroid builds before 20230614; CVE-2023-42136 and CVE-2023-42137 enable privilege escalation via shell injection in...
CVE-2023-42135
CVE-2023-42135 details (PAX A920Pro/A50) affect PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier on PAX Android POS devices. The vulnerability allows local code execution by bypassing input validation during flashing of a specific partition, via parameter injection in the flashing process....
CVE-2023-42137
CVE-2023-42137 affects PAX Android-based PoS devices running PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier. The issue allows privilege escalation from system/shell user to root via insecure operations in the systool_server daemon (all Android-based PAX PoS devices). Exploitation require...