PT-2023-20999 · Pax · Pax A930

Saif Aziz

Published: 2023-07-05 · Updated: 2024-07-03

CVE-2023-27198

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PAX A930 device with PayDroid version 7.1.1 Virgo V04.5.02 20220722

Description

The issue allows the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this.

Recommendations

For PAX A930 device with PayDroid version 7.1.1 Virgo V04.5.02 20220722, consider restricting physical USB access to the device to minimize the risk of exploitation. As a temporary workaround, consider disabling the exec service until a patch is available.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-27198

Affected Products

Pax A930
Paydroid