CVE-2023-42137
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.
The attacker must have shell access to the device in order to exploit this vulnerability.
Affected (1)
Products: Paxtechnology: Paydroid
Configuration A
| Running on/with | Platform Versions |
|---|---|
Paxtechnology A50 | All versions |
Configuration B
| Running on/with | Platform Versions |
|---|---|
Paxtechnology A6650 | All versions |
Configuration C
| Running on/with | Platform Versions |
|---|---|
Paxtechnology A800 | All versions |
Configuration D
| Running on/with | Platform Versions |
|---|---|
Paxtechnology A77 | All versions |
Configuration E
| Running on/with | Platform Versions |
|---|---|
Paxtechnology A920 | All versions |
Configuration F
| Running on/with | Platform Versions |
|---|---|
Paxtechnology A920 Pro | All versions |
Configuration G
| Running on/with | Platform Versions |
|---|---|
Paxtechnology A920 Max | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 8.1.0_sagittarius_11.1.50_20230614 |
| Running on/with | Platform Versions |
|---|---|
Paxtechnology D190 | All versions |
References (8)
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Timeline
No history available yet.