ГлавнаяУязвимости → CVE-2023-42136
7.8высокая

CVE-2023-42136

Описание

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.

Затрагиваемое ПО
Paxtechnology PaydroidPaxtechnology A50Paxtechnology A6650Paxtechnology A800Paxtechnology A77Paxtechnology A920Paxtechnology A920 proPaxtechnology A920 maxPaxtechnology D190
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://blog.stmcyber.com/pax-pos-cves-2023/https://cert.pl/en/posts/2024/01/CVE-2023-4818/https://cert.pl/posts/2024/01/CVE-2023-4818/https://ppn.paxengine.com/release/developmenthttps://blog.stmcyber.com/pax-pos-cves-2023/https://cert.pl/en/posts/2024/01/CVE-2023-4818/https://cert.pl/posts/2024/01/CVE-2023-4818/https://ppn.paxengine.com/release/development