Adam Klis

**Name of the Vulnerable Software and Affected Versions** PAX Android based POS devices versions prior to PayDroid 8.1.0 Sagittarius V11.1.61 20240226 **Description** The issue allows for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this issue. **Recommendations** For versions prior to PayDroid 8.1.0 Sagittarius V11.1.61 20240226, update the firmware to version PayDroid 8.1.0 Sagittarius V11.1.61 20240226 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier **Description** The issue exists due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary commands with system account privilege by shell injection, starting with a specific word. The attacker must have shell access to the device to exploit this issue. **Recommendations** For PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier, consider restricting shell access to the device to minimize the risk of exploitation. As a temporary workaround, limit the use of shell injection to prevent the execution of arbitrary commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.45 20230314 or earlier **Description** The issue is related to the presence of undocumented configuration commands in the PayDroid operating system. Exploitation of this issue can allow an attacker to execute arbitrary code. The attacker must have physical USB access to the device to exploit this issue. This can lead to the overwrite of the signed partition and subsequent local code execution via a hidden command. **Recommendations** For PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.45 20230314 or earlier, consider restricting physical USB access to the device to minimize the risk of exploitation. As a temporary workaround, consider disabling any functionality that may be related to the undocumented configuration commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier **Description** The issue is due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary commands with high privileges by using malicious symlinks. The attacker must have shell access to the device to exploit this issue. **Recommendations** For PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier, consider restricting shell access to the device to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of symlinks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PAX A920Pro/A50 devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier **Description** The issue exists due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary code via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this issue. **Recommendations** For PAX A920Pro/A50 devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier, consider restricting physical USB access to the device to minimize the risk of exploitation. As a temporary workaround, avoid flashing specific partitions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.