wr3nchsr/PAX-Paydroid-Advisories

wr3nchsr/PAX-Paydroid-Advisories

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

A list of advisories for vulnerabilities discovered as a result of conducting vulnerability researches on in PAX's Paydroid system

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-27197 ↗	Jul 5, 2023Wednesday, 5 July 2023, 20:15	6.7 MEDIUM	—
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.
CVE-2023-27198 ↗	Jul 5, 2023Wednesday, 5 July 2023, 20:15	6.8 MEDIUM	—
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.
CVE-2023-27199 ↗	Jul 5, 2023Wednesday, 5 July 2023, 20:15	6.7 MEDIUM	—
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.