Egor Zaytsev

Name of the Vulnerable Software and Affected Versions: Verifone MX900 series Pinpad Payment Terminals version 30251000 Description: The issue is related to a race condition that allows for Role-Based Access Control (RBAC) bypass. This means that an attacker could potentially exploit this condition to gain unauthorized access or elevate privileges. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. Recommendations: For Verifone MX900 series Pinpad Payment Terminals version 30251000, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verifone VerixV Pinpad Payment Terminals version QT000530 Description: The issue allows bypass of integrity and origin control for S1G file generation. Recommendations: For Verifone VerixV Pinpad Payment Terminals version QT000530, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verifone MX900 series Pinpad Payment Terminals version 30251000 Description: The issue allows for the installation of unsigned packages on the Verifone MX900 series Pinpad Payment Terminals. Recommendations: For version 30251000, ensure that only signed packages are installed to prevent potential exploitation. As a temporary workaround, consider restricting package installation privileges until a patch is available.

Name of the Vulnerable Software and Affected Versions: Verifone Pinpad Payment Terminals (affected versions not specified) Description: The issue allows undocumented physical access to the system via an SBI bootloader memory write operation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verifone VerixV Pinpad Payment Terminals with QT000530 Description: The issue concerns an undocumented physical access mode, also referred to as VerixV shell.out, in Verifone VerixV Pinpad Payment Terminals. This mode can potentially be exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 Description: A buffer overflow issue exists via the Run system call. Recommendations: For Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Verifone MX900 series Pinpad Payment Terminals version 30251000 Description: The issue concerns Insecure Permissions, which can lead to arbitrary command injection and privilege escalation through svc netcontrol. Recommendations: For Verifone MX900 series Pinpad Payment Terminals version 30251000, consider restricting access to the svc netcontrol service to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verifone MX900 series Pinpad Payment Terminals version 30251000 Description: The issue allows for multiple arbitrary command injections, as demonstrated by the file manager. Recommendations: For Verifone MX900 series Pinpad Payment Terminals version 30251000, at the moment, there is no information about a newer version that contains a fix for this vulnerability.