CVE-2022-26580

Name of the Vulnerable Software and Affected Versions PAX A930 device with PayDroid versions 7.1.1 Virgo V04.3.26T1 20210419 through 7.1.1 Virgo V04.4.02 20211201

Description The issue allows the execution of specific command injections on selected binaries in the ADB daemon shell service. An attacker must have physical USB access to the device to exploit this.

Recommendations For PAX A930 device with PayDroid version 7.1.1 Virgo V04.3.26T1 20210419, consider restricting physical USB access to minimize the risk of exploitation. For PAX A930 device with PayDroid version 7.1.1 Virgo V04.4.02 20211201, consider restricting physical USB access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.